diff logstash.conf @ 21:1d50b19beda0
work on building from source
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 17 Apr 2013 17:38:14 -0700 |
parents | 567e51f1f5e7 |
children | 8ed811f9a0bd |
--- a/logstash.conf Wed Apr 17 13:10:34 2013 -0700
+++ b/logstash.conf Wed Apr 17 17:38:14 2013 -0700
@@ -63,7 +63,7 @@
 date {
 # do we need this? the above picks up SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
 type => "linux-syslog"
- timestamp => ["MMM dd HH:mm:ss","MMM d HH:mm:ss"]
+ match => [ "timestamp", "MMM dd HH:mm:ss", "MMM d HH:mm:ss" ]
 }
 grok {
 type => "apache-access"
@@ -73,7 +73,7 @@
 # Try to pull the timestamp from the 'timestamp' field (parsed above with
 # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
 type => "apache-access"
- timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
+ match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
 }
 grok {
 type => "apache-error"
@@ -85,5 +85,6 @@
 output {
 elasticsearch {
 embedded => true
+ host => "127.0.0.1"
 }
 }
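Review bot: The syslog patterns in the new `match => [ "timestamp", "MMM dd HH:mm:ss", "MMM d HH:mm:ss" ]` line in the first hunk carry neither a year nor a UTC offset, so the parsed event time presumably falls back to the collector's own clock and local zone. That matters when these events are lined up against the apache-access events, whose pattern includes `Z`, while reconstructing a timeline. I would add a comment beside the existing `# do we need this?` question, such as `# syslog timestamps have no year or zone; parsed relative to this host's clock and zone`. If the installed date filter accepts a `timezone` setting, pin it explicitly. The filter section that encloses this `date` block starts outside the hunk.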
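Review bot: In the last hunk, `host => "127.0.0.1"` sits next to `embedded => true`, but it probably only tells the output where to connect and does not restrict which interfaces the embedded Elasticsearch node listens on. Elasticsearch of this period had no built-in authentication, so an embedded node reachable from the network would expose the indexed logs to anyone who can reach its HTTP or transport port. If loopback-only is the intent, say so in a comment and set the bind address as well, for example `bind_host => "127.0.0.1"` where the installed output plugin supports it. After a restart, confirm with a listening-socket check that the node is bound only to loopback, or filter those ports at the host firewall.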