seanherron/gist:62562f38f6f5767f2788

## gistfile1.txt
if [log_type] == "nginx-error" {
      grok {
        match => [
        "message", "%{DATA} %{WORD:webserver} %{HOST:myhost}\-%{WORD:class}\: (?%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) \[%{LOGLEVEL:severity}\] %{POSINT:pid}#%{NUMBER}: %{GREEDYDATA:errormessage}(?:, client: (?%{IP}|%{HOSTNAME}))(?:, server: %{IPORHOST:server})(?:, request: %{QS:request})?(?:, host: %{QS:host})?(?:, referrer: \”%{URI:referrer})",
        "message", "%{DATESTAMP:timestamp} \[%{LOGLEVEL:severity}\] %{GREEDYDATA:errormessage}"
        ]
      }
      date {
          locale => "en"
          match => [ "time_local", "dd/MMM/YYYY:HH:mm:ss Z" ]
      }
  }
	if [log_type] == "nginx-error" {
	grok {
	match => [
	"message", "%{DATA} %{WORD:webserver} %{HOST:myhost}\-%{WORD:class}\: (?%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) \[%{LOGLEVEL:severity}\] %{POSINT:pid}#%{NUMBER}: %{GREEDYDATA:errormessage}(?:, client: (?%{IP}\|%{HOSTNAME}))(?:, server: %{IPORHOST:server})(?:, request: %{QS:request})?(?:, host: %{QS:host})?(?:, referrer: \”%{URI:referrer})",
	"message", "%{DATESTAMP:timestamp} \[%{LOGLEVEL:severity}\] %{GREEDYDATA:errormessage}"
	]
	}
	date {
	locale => "en"
	match => [ "time_local", "dd/MMM/YYYY:HH:mm:ss Z" ]
	}
	}