comparison logstash.conf @ 21:1d50b19beda0

work on building from source
author Carl Byington <carl@five-ten-sg.com>
date Wed, 17 Apr 2013 17:38:14 -0700
parents 567e51f1f5e7
children 8ed811f9a0bd
20:a94969b736cb 21:1d50b19beda0
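--- a/logstash.conf
+++ b/logstash.conf
@@ -61,21 +61,21 @@
 pattern => "%{SYSLOGBASE}"
 }
 date {
 # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
 type => "linux-syslog"
-timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
+match => [ "timestamp", "MMM dd HH:mm:ss", "MMM d HH:mm:ss" ]
 }
 grok {
 type => "apache-access"
 pattern => "%{COMBINEDAPACHELOG}"
 }
 date {
 # Try to pull the timestamp from the 'timestamp' field (parsed above with
 # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
 type => "apache-access"
-timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
+match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
 }
 grok {
 type => "apache-error"
 patterns_dir => "/var/lib/logstash/data/patterns"
 pattern => "%{APACHE_ERROR_LOG}"
@@ -83,7 +83,8 @@
 }
 
 output {
 elasticsearch {
 embedded => true
+host => "127.0.0.1"
 }
 }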
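Review bot: The added `host => "127.0.0.1"` in the elasticsearch output tells this output where to connect, but as far as I can tell it does not restrict where the embedded node itself listens, so `embedded => true` may still expose an unauthenticated Elasticsearch HTTP and transport port on every interface of the host. If the intent is a local-only node, that needs to be enforced in the embedded node's own Elasticsearch configuration (its bind/network address) or by host firewalling, and verified with a quick listen-port check after startup. I would record that distinction next to the line so it is not mistaken for a hardening measure: `# host is where this output sends events; it does not bind the embedded node to loopback`. Separately, the `match => [ "timestamp", ... ]` rewrites in both date filters depend on the preceding grok filters producing a `timestamp` field; the open question in the comment on line 64 ("do we need this?") is still unanswered by this commit and is worth resolving or removing, since without that date filter the syslog event time presumably stays as the ingestion time rather than the logged time.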