# Beats input: listens for events sent by Beats shippers over the network.
# NOTE(review): no TLS options are set in this block, so as written the
# listener accepts cleartext connections from any host that can reach it.
# Log events fed to a parser are an ingestion trust boundary: consider the
# beats input's ssl_* options (server certificate plus client-certificate
# verification) and a firewall rule restricting which hosts may connect.
beats {
# 0.0.0.0 binds the listener on every interface of the host; use a specific
# internal address if only one network should be able to ship logs.
host => "0.0.0.0"
# TCP port the listener binds to.
port => "5044"
}
}
# Parses Envoy access-log lines into structured fields.
filter {
# Only events whose shipper set fields.log_producer to "envoy" are parsed;
# every other event passes through this filter untouched.
if [fields][log_producer] == "envoy" {
grok {
# Expected line shape: [timestamp] "METHOD PATH PROTOCOL" status flags bytes
# bytes duration upstream-time "xff" "user-agent" "request-id" "authority"
# "upstream".
#
# Review notes:
# - forwarded_for, user_agent, authority and uri_* presumably come from the
#   client request, so treat them as untrusted; verify whether the proxy
#   sanitizes X-Forwarded-For before relying on it in detections.
# - %{DATA} is a non-greedy match-anything. A quoted value that itself
#   contains a double quote may shift later field boundaries, so spoofed
#   field values are possible. Events that do not match are tagged
#   _grokparsefailure by default; alert on that tag rather than dropping it.
# - NOTE(review): Envoy's default access-log format emits %BYTES_RECEIVED%
#   before %BYTES_SENT%; the bytes_sent/bytes_received captures below look
#   swapped unless a custom format is in use. Confirm against the proxy config.
# - %{DATA:} has an empty field name; presumably an unnamed catch-all for
#   request lines without a parsable path. Confirm the grok version in use
#   accepts it.
# - No :int/:float suffixes are used, so status_code, bytes_* and duration
#   are stored as strings; numeric range queries need a later conversion.
# - timestamp is captured, but no date filter appears in this block, so
#   @timestamp is not set from it here. Add one if event time matters for
#   correlation.
match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] \"%{DATA:method} (?:%{URIPATH:uri_path}(?:%{URIPARAM:uri_param})?|%{DATA:}) %{DATA:protocol}\" %{NUMBER:status_code} %{DATA:response_flags} %{NUMBER:bytes_sent} %{NUMBER:bytes_received} %{NUMBER:duration} (?:%{NUMBER:upstream_service_time}|%{DATA:tcp_service_time}) \"%{DATA:forwarded_for}\" \"%{DATA:user_agent}\" \"%{DATA:request_id}\" \"%{DATA:authority}\" \"%{DATA:upstream_service}\""
}
}
}
}
logstash grok envoy