Created November 28, 2017 20:52
Fluentd configuration for matching ElasticSearch 1.3 logfiles
# Will match multi-line errors, as the first line will be a timestamp
# and only sometimes will there be additional lines with Java
# stacktraces.
# We use the timekey from the log file and trust it, but discard the
# fractional seconds — they don't parse for me, but that may be due
# to a different version of Ruby.
#
# The following fields will be parsed:
# - time: timestamp
# - loglevel: INFO, WARN, etc.
# - logcategory: node, plugins, transport, http, etc.
# - codename: The auto-generated codename for the ElasticSearch
#   instance.
# - message: The remaining log message.
<source>
  @type tail
  path /home/ubuntu/elasticsearch-1.3.1/logs/elasticsearch.log
  pos_file /var/log/td-agent/es-log.pos
  tag nodename.elasticsearch
  keep_time_key true
  time_format %Y-%m-%d %H:%M:%S
  format multiline
  format_firstline /\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\]/
  format1 /^\[(?<time>[^\]]*)\]\[(?<loglevel>[^\]]*)\]\[(?<logcategory>[^\] ]*) *\] \[(?<codename>[^\]]*)\] (?<message>.*)$/
</source>
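To see what this source block actually extracts before pointing it at a live log, here is an added Ruby script (not part of the gist) that reproduces the grouping Fluentd's multiline parser does with format_firstline and then applies the same format1 regex and time_format to a few constructed ElasticSearch 1.3 log lines. The node name Bloodstorm, the pid and the Java stacktrace are made up for the sample.

```ruby
require 'time'

# Constructed sample of ElasticSearch 1.3 log output (node name, pid and
# stacktrace are made up): one INFO line, one WARN line followed by a Java
# stacktrace, and a final INFO line.
SAMPLE_LINES = [
  "[2017-11-28 20:52:01,123][INFO ][node                     ] [Bloodstorm] version[1.3.1], pid[4242], build[placeholder]",
  "[2017-11-28 20:52:03,456][WARN ][transport.netty          ] [Bloodstorm] exception caught on transport layer [[id: 0x01]]",
  "java.io.IOException: Connection reset by peer",
  "\tat sun.nio.ch.FileDispatcherImpl.read0(Native Method)",
  "\tat sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)",
  "[2017-11-28 20:52:05,789][INFO ][http                     ] [Bloodstorm] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}"
].freeze

# Same patterns as format_firstline / format1 / time_format in the config.
# Fluentd compiles the multiline format with Regexp::MULTILINE so that
# (?<message>.*) can span the joined stacktrace lines; the /m flag does that here.
FIRSTLINE = /\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\]/
RECORD = /^\[(?<time>[^\]]*)\]\[(?<loglevel>[^\]]*)\]\[(?<logcategory>[^\] ]*) *\] \[(?<codename>[^\]]*)\] (?<message>.*)$/m
TIME_FORMAT = '%Y-%m-%d %H:%M:%S'

# Group raw lines into events: a line matching FIRSTLINE starts a new event,
# anything else is a continuation appended to the current one (joined with
# "\n", as the Fluentd multiline parser does).
def group_events(lines)
  events = []
  buffer = []
  lines.each do |line|
    if FIRSTLINE.match?(line) && !buffer.empty?
      events << buffer.join("\n")
      buffer = []
    end
    buffer << line
  end
  events << buffer.join("\n") unless buffer.empty?
  events
end

# Apply the record regex to one event and parse its time the way the config
# does. Time.strptime ignores trailing input it did not consume, so the
# ",123" milliseconds are silently dropped; that is why a time_format
# without %L works. Returns nil for an event that does not match.
def parse_event(event)
  m = RECORD.match(event)
  return nil unless m
  record = m.names.each_with_object({}) { |name, h| h[name] = m[name] }
  record['time_parsed'] = Time.strptime(record['time'], TIME_FORMAT)
  record
end

# Full pipeline over a list of raw lines: group, then parse each event.
def parse_log(lines)
  group_events(lines).map { |event| parse_event(event) }
end

if __FILE__ == $PROGRAM_NAME
  parse_log(SAMPLE_LINES).each { |record| p record }
end
```

Two things the run makes visible that the config comment does not: the loglevel field keeps the padding space ElasticSearch writes inside the bracket ("WARN " rather than "WARN"), so strip it in a filter or tighten that capture if you key alerts on it; and the event time is taken from the log's own clock, exactly as "trust it" says, so clock skew on the ElasticSearch host shows up directly in the stored event time.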