comparison logstash.conf @ 3:796ac0b50dbf

add cron.daily index cleaning
author Carl Byington <carl@five-ten-sg.com>
date Thu, 07 Mar 2013 10:41:01 -0800
parents 59fe08a2fcbe
children 6b7beb807d14
2:9e0cdf091b8a 3:796ac0b50dbf
30 grok { 30 grok {
31 type => "sendmail" 31 type => "sendmail"
32 pattern => "%{SENDMAIL}" 32 pattern => "%{SENDMAIL}"
33 patterns_dir => "/var/lib/logstash/data/patterns" 33 patterns_dir => "/var/lib/logstash/data/patterns"
34 } 34 }
35 grep {
36 type => "sendmail"
37 match => [ "program", "sendmail" ]
38 }
39 grep {
40 type => "sendmail"
41 negate => true
42 match => [ "message", "^(M|m)ilter" ]
43 }
35 44
36 grok { 45 grok {
37 type => "linux-syslog" 46 type => "linux-syslog"
38 pattern => "%{SYSLOGBASE}" 47 pattern => "%{SYSLOGBASE}"
39 } 48 }
40 date { 49 date {
41 # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME} 50 # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
42 type => "linux-syslog" 51 type => "linux-syslog"
43 timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"] 52 timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
44 } 53 }
45 grok { 54 grok {
46 type => "apache-access" 55 type => "apache-access"
47 pattern => "%{COMBINEDAPACHELOG}" 56 pattern => "%{COMBINEDAPACHELOG}"
48 } 57 }