diff logstash.conf @ 21:1d50b19beda0

work on building from source
author Carl Byington <carl@five-ten-sg.com>
date Wed, 17 Apr 2013 17:38:14 -0700
parents 567e51f1f5e7
children 8ed811f9a0bd
--- a/logstash.conf	Wed Apr 17 13:10:34 2013 -0700
+++ b/logstash.conf	Wed Apr 17 17:38:14 2013 -0700
@@ -63,7 +63,7 @@
     date {
         # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
         type            => "linux-syslog"
-        timestamp       => ["MMM dd HH:mm:ss","MMM  d HH:mm:ss"]
+        match           => [ "timestamp", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss" ]
     }
     grok {
         type            => "apache-access"
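Review bot: The `# do we need this? …` comment above the new `match` line still records an open question, while the change itself answers it by keeping the filter and porting it to the `match => [ "timestamp", … ]` form, so the comment should state why the filter stays, e.g. `# parse the grok'd syslog timestamp into @timestamp; the source format carries no year, so the date filter has to supply one`. The same `timestamp =>` to `match =>` conversion is made in the apache-access hunk below and needs no separate note. The enclosing `filter` block starts outside this hunk.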
@@ -73,7 +73,7 @@
         # Try to pull the timestamp from the 'timestamp' field (parsed above with
         # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
         type            => "apache-access"
-        timestamp       => "dd/MMM/yyyy:HH:mm:ss Z"
+        match           => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
     }
     grok {
         type            => "apache-error"
@@ -85,5 +85,6 @@
 output {
     elasticsearch {
         embedded => true
+        host     => "127.0.0.1"
     }
 }
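Review bot: The added `host => "127.0.0.1"` only pins the address this output connects to; it does not change where the embedded Elasticsearch node started by `embedded => true` listens, and as far as I recall that node binds its HTTP and transport ports on all interfaces with no authentication, so the index stays readable and writable from the network. If the installed version's elasticsearch output supports `bind_host`, set it to `"127.0.0.1"` alongside `host`; otherwise restrict the Elasticsearch ports at the host firewall. A comment such as `# embedded ES is for single-host use; keep its ports off the network` next to `embedded => true` would record the intent.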