-
-
Save tuapuikia/0ff41653a4657355f65fecada380c627 to your computer and use it in GitHub Desktop.
php error logging into logstash + elasticsearch and trace errors on single line and root path hidden
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| type => "php-error" | |
| path => "/var/www/error_log" | |
| sincedb_path => "/opt/logstash/sincedb-access" | |
| } | |
| } | |
| filter { | |
| mutate { | |
| gsub => [ | |
| "message", "/var/www", "", | |
| "message", "/var/www", "", | |
| "path", "/var/www", "" | |
| ] | |
| } | |
| if [type] == "php-error" { | |
| grok { | |
| match => [ "message", "\[%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year} %{TIME:time} %{WORD:zone}/%{WORD:country}\] PHP %{DATA:level}\: %{GREEDYDATA:error}" ] | |
| add_field => { "timestamp" => "%{day}-%{month}-%{year} %{time} %{zone}/%{country}" } | |
| add_tag => [ "%{level}" ] | |
| remove_field => [ "day", "month", "year", "time", "zone", "country" ] | |
| } | |
| multiline { | |
| pattern => "(Stack trace:)|(^#.+)|(^\"\")|( thrown+)|(^\s)" | |
| what => "previous" | |
| } | |
| date { | |
| timezone => "America/Mexico_City" | |
| match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss", "dd-MMM-yyyy HH:mm:ss ZZZ" ] | |
| target => "@timestamp" | |
| remove_field => "timestamp" | |
| } | |
| } | |
| mutate { | |
| uppercase => [ "level" ] | |
| lowercase => [ "tags" ] | |
| gsub => [ | |
| "tags", " ", "_", | |
| "level", " ", "_" | |
| ] | |
| } | |
| } | |
| output { | |
| stdout { | |
| codec => rubydebug | |
| } | |
| elasticsearch { | |
| host => "localhost" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment