@mrlesmithjr
Created May 14, 2014 01:06
RAW Log
<135> 05/13/2014:21:17:55 GMT nsvpx-esx-2 0-PPE-0 : SSLLOG SSL_HANDSHAKE_SUCCESS 6103955 0 : SPCBId 59218 - ClientIP 142.28.165.235 - ClientPort 56308 - VserverServiceIP 192.168.1.200 - VserverServicePort 443 - ClientVersion TLSv1.0 - CipherSuite "RC4-MD5 TLSv1 Non-Export 128-bit" - Session Reuse
filter {
  if "Netscaler" in [tags] {
    # Parse the NetScaler SSLLOG syslog line into named fields.
    grok {
      break_on_match => false
      match => [
        "message", '%{SYSLOG5424PRI} %{DATE}:%{HAPROXYTIME} GMT %{SYSLOGHOST:syslog_hostname} %{PROG:netscaler_process} : %{DATA:netscaler_feature} %{DATA:netscaler_message} %{DATA} : %{DATA} %{INT:netscaler_spcbid} - %{DATA} %{IP:client_ip} - %{DATA} %{INT:client_port} - %{DATA} %{IP:vserver_ip} - %{DATA} %{INT:vserver_port} - %{DATA} %{DATA:client_version} - %{DATA} "%{DATA:cipher_suite}" - %{DATA} %{WORD:session_method}'
      ]
    }
    # Copy the sending host into @source_host.
    mutate {
      replace => [ "@source_host", "%{host}" ]
    }
    # Replace @message with the parsed NetScaler message type.
    mutate {
      replace => [ "@message", "%{netscaler_message}" ]
    }
  }
}
Getting _grokparsefailure
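An added example, not part of the gist: a stand-alone Python parser for the raw log line above that yields the same field names the grok pattern targets, so the expected values can be compared with what Logstash emits. The header layout and the key-to-field mapping are assumptions inferred from the single sample line; `facility` and `severity` are extra fields decoded from the syslog PRI.

```python
import re

# Log line copied from the "RAW Log" section of the gist.
SAMPLE = (
    '<135> 05/13/2014:21:17:55 GMT nsvpx-esx-2 0-PPE-0 : SSLLOG '
    'SSL_HANDSHAKE_SUCCESS 6103955 0 : SPCBId 59218 - ClientIP 142.28.165.235 '
    '- ClientPort 56308 - VserverServiceIP 192.168.1.200 - VserverServicePort 443 '
    '- ClientVersion TLSv1.0 - CipherSuite "RC4-MD5 TLSv1 Non-Export 128-bit" '
    '- Session Reuse'
)

# Header layout inferred from the sample: <pri> date:time GMT host process :
# feature message-type <two counters> : key/value body
HEADER = re.compile(
    r'^<(?P<pri>\d+)>\s+(?P<date>\d{2}/\d{2}/\d{4}):(?P<time>\d{2}:\d{2}:\d{2}) GMT '
    r'(?P<syslog_hostname>\S+) (?P<netscaler_process>\S+) : '
    r'(?P<netscaler_feature>\S+) (?P<netscaler_message>\S+) \d+ \d+ : (?P<body>.*)$'
)
# One "Key value" pair; the value is either a quoted string or a single token.
PAIR = re.compile(r'(\w+) ("[^"]*"|\S+)')

# Body keys seen in the sample, mapped to the field names the gist's grok uses.
FIELDS = {
    'SPCBId': 'netscaler_spcbid', 'ClientIP': 'client_ip',
    'ClientPort': 'client_port', 'VserverServiceIP': 'vserver_ip',
    'VserverServicePort': 'vserver_port', 'ClientVersion': 'client_version',
    'CipherSuite': 'cipher_suite', 'Session': 'session_method',
}
INT_FIELDS = {'netscaler_spcbid', 'client_port', 'vserver_port'}

def parse_netscaler_ssl(line):
    """Return a dict of fields, or None when the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    pri = int(event.pop('pri'))
    # Syslog PRI encodes facility * 8 + severity.
    event['facility'], event['severity'] = pri >> 3, pri & 7
    for key, value in PAIR.findall(event.pop('body')):
        name = FIELDS.get(key)
        if name is None:
            continue  # unknown key: skip rather than fail the whole line
        value = value.strip('"')
        event[name] = int(value) if name in INT_FIELDS else value
    return event

if __name__ == '__main__':
    for field, value in sorted(parse_netscaler_ssl(SAMPLE).items()):
        print(f'{field}: {value}')
```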