@milnomada
Last active August 12, 2018 14:43
# Solr configuration
#
# Logstash pipeline: tail the local syslog, keep only lines that mention
# "crawler" or "milnomada", parse them as HTTP access-style records with
# grok, and index each event into a Solr collection.
#
# Filter order matters here: mutate/gsub runs before grok, the grok result
# is then trimmed, and the ruby block assigns the Solr document id last.
input {
file {
path => "/var/log/syslog"
# Only lines appended after Logstash starts are read on a first run
# (no existing sincedb); earlier content of the file is not replayed.
start_position => "end"
}
}
filter {
# `=~` with a string operand is a regular-expression match on the raw line.
# Every line that matches neither pattern is dropped, so nothing else in
# the file reaches the output.
if [message] =~ "crawler" or [message] =~ "milnomada" {
mutate {
# "tags" is removed here, but grok below re-adds a tags field
# (default `_grokparsefailure`) when its pattern does not match.
remove_field => ["@version","path","tags","status","host"]
# Character class of backslash and double quote: both are stripped from
# the line BEFORE grok runs, so no parsed field can contain them. Any
# quotes that delimited referer/user-agent in the original line are
# gone by the time the pattern is applied — presumably intentional;
# confirm against a sample line.
gsub => [ "message", "[\\\"]", "" ]
}
}
else {
drop { }
}
grok {
# Field named "ip" is captured with the HOSTNAME pattern (dotted
# hostnames / IPv4); "text" is captured twice and becomes an array,
# then removed below. On a pattern mismatch no fields are extracted,
# but the event is NOT dropped: it still gets "_text_" and "id" and is
# indexed unparsed.
match => {
"message" => "%{SYSLOGTIMESTAMP} %{DATA:messagetype} %{DATA:hostname}\: %{HOSTNAME:ip} %{DATA:text} %{DATA:text} \[%{DATA:date}\] %{DATA:http_method} %{DATA:request_url} %{DATA:http_version} %{DATA:http_code} %{DATA:response_payload} %{DATA:http_referer} %{GREEDYDATA:user_agent}"
}
}
mutate {
# rename => { "@timestamp" => "id" }
# The whole (gsub-cleaned) line is kept under "_text_" — presumably the
# Solr default catch-all field; verify against the target schema.
rename => { "message"=>"_text_" }
# add_field => { "_version_" => "-1" }
remove_field => ["messagetype","text"]
}
ruby {
# Document id = current time as YYYYMMDDHHMMSSmmm, as an integer.
# Two events processed within the same millisecond get the same id;
# NOTE(review): with "id" as Solr uniqueKey the later one would
# overwrite the earlier — confirm, or add a per-event discriminator.
code => 'event.set("id", Time.now.strftime("%Y%m%d%H%M%S%L").to_i )'
}
}
output {
solr_http {
# {ip}, {port} and {collection} are placeholders to be filled in;
# the endpoint is plain HTTP as written.
solr_url => "http://{ip}:{port}/solr/{collection}"
# One HTTP request per event; tuned for testing, not throughput.
flush_size => 1 # Fast (test)
}
# Echoes every indexed event (including the raw syslog line) to stdout;
# a debugging aid rather than part of the indexing path.
stdout { codec => rubydebug }
}