comparison logstash.conf @ 21:1d50b19beda0
work on building from source
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 17 Apr 2013 17:38:14 -0700 |
parents | 567e51f1f5e7 |
children | 8ed811f9a0bd |
20:a94969b736cb | 21:1d50b19beda0 |
---|---|
61 pattern => "%{SYSLOGBASE}" | 61 pattern => "%{SYSLOGBASE}" |
62 } | 62 } |
63 date { | 63 date { |
64 # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME} | 64 # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME} |
65 type => "linux-syslog" | 65 type => "linux-syslog" |
66 timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"] | 66 match => [ "timestamp", "MMM dd HH:mm:ss", "MMM d HH:mm:ss" ] |
67 } | 67 } |
68 grok { | 68 grok { |
69 type => "apache-access" | 69 type => "apache-access" |
70 pattern => "%{COMBINEDAPACHELOG}" | 70 pattern => "%{COMBINEDAPACHELOG}" |
71 } | 71 } |
72 date { | 72 date { |
73 # Try to pull the timestamp from the 'timestamp' field (parsed above with | 73 # Try to pull the timestamp from the 'timestamp' field (parsed above with |
74 # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700" | 74 # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700" |
75 type => "apache-access" | 75 type => "apache-access" |
76 timestamp => "dd/MMM/yyyy:HH:mm:ss Z" | 76 match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] |
77 } | 77 } |
78 grok { | 78 grok { |
79 type => "apache-error" | 79 type => "apache-error" |
80 patterns_dir => "/var/lib/logstash/data/patterns" | 80 patterns_dir => "/var/lib/logstash/data/patterns" |
81 pattern => "%{APACHE_ERROR_LOG}" | 81 pattern => "%{APACHE_ERROR_LOG}" |
83 } | 83 } |
84 | 84 |
85 output { | 85 output { |
86 elasticsearch { | 86 elasticsearch { |
87 embedded => true | 87 embedded => true |
88 host => "127.0.0.1" | |
88 } | 89 } |
89 } | 90 } |
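Review bot: The `host => "127.0.0.1"` line in the `elasticsearch` output (row 88, shown on one side only; the line numbering suggests it is the added side) sets the address the output connects to, and as far as I know it does not confine the listeners of the node started by `embedded => true` to loopback. Elasticsearch of this period has no authentication of its own, so if the embedded node binds more widely, any host that can reach its ports can read or alter the indexed syslog and Apache data. Confirm the bind address in the embedded node's own settings (`network.host`) or with a host firewall, and record it next to the option, e.g. `# host is the connect address only; the embedded node's bind address is set via network.host`. Separately, the second syslog format in the new `match` appears as `"MMM d HH:mm:ss"` with a single space, while syslog pads single-digit days with two spaces, so those events may fail to parse and keep their ingestion time, which skews any timeline built from them. The page rendering may have collapsed the whitespace, so check the file itself.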