logstash.conf
# See http://logstash.net/docs/latest/ for documentation on how to configure Logstash.
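input {
  # Four tailing inputs over the host log directory mounted at /host/var/log,
  # one per log family. Each input sets `type`, which the filter section
  # branches on and the output uses to build the Redis key.
  #
  # Multiline handling is the same everywhere: with negate => true and
  # what => previous, any line that does NOT start with the family's leading
  # token is appended to the preceding event instead of starting a new one.
  # Access-log content is largely written by remote clients, so consumers
  # should not assume that one event always equals one genuine log line.
  #
  # sincedb: every file input needs its own sincedb file. The original
  # configuration pointed all four inputs at /logstash/sincedb/since.db, so
  # the inputs overwrote each other's read positions, which leads to
  # re-reading or skipping data after a restart. The per-input files below
  # start out empty on first deployment; with the file input's default
  # start_position ("end"), already existing files are then tailed from
  # their current end.

  # Apache-style access logs: a new event starts at a line beginning with a
  # client IP or hostname.
  file {
    path => "/host/var/log/*access*.log"
    type => "apache"
    sincedb_path => "/logstash/sincedb/apache.db"
    codec => multiline {
      pattern => "^%{IPORHOST} "
      negate => true
      what => previous
    }
  }

  # HAProxy logs: a new event starts at a syslog-style timestamp.
  file {
    path => "/host/var/log/*haproxy*.log"
    type => "haproxy"
    sincedb_path => "/logstash/sincedb/haproxy.db"
    codec => multiline {
      pattern => "^%{SYSLOGTIMESTAMP} "
      negate => true
      what => previous
    }
  }

  # JBoss logs: a new event starts at "YYYY/MM/DD HH:MM:SS"; stack-trace
  # lines are folded into the event that precedes them.
  file {
    path => "/host/var/log/*jboss*.log"
    type => "jboss"
    sincedb_path => "/logstash/sincedb/jboss.db"
    codec => multiline {
      pattern => "^(%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}) "
      negate => true
      what => previous
    }
  }

  # Catch-all for every other *.log file: a new event starts at an ISO 8601
  # timestamp. The glob also matches the files claimed by the three inputs
  # above, which previously shipped them a second time as type "default";
  # `exclude` (matched against the file name, not the full path) keeps each
  # file in exactly one input.
  file {
    path => "/host/var/log/*.log"
    exclude => [ "*access*.log", "*haproxy*.log", "*jboss*.log" ]
    type => "default"
    sincedb_path => "/logstash/sincedb/default.db"
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => true
      what => previous
    }
  }
}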
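filter {
  # Per-type parsing. Every branch runs two grok matches with
  # break_on_match => false so that both are applied: one parses `message`,
  # the other takes the file name (without ".log") from `path` into
  # `filename`. Branches with a `date` filter parse the extracted time into
  # the `datetime` field, which is reformatted into `Timestamp` at the end of
  # this section.
  #
  # Fields extracted from access logs (request, referrer, agent, ...) come
  # from remote clients and must be treated as untrusted by whatever reads
  # the Redis lists.

  if [type] == "apache" {
    grok {
      match => [
        "message", "%{COMBINEDAPACHELOG}",
        "path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"
      ]
      break_on_match => false
    }
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      target => ["datetime"]
    }
  } else if [type] == "haproxy" {
    grok {
      match => [
        "message", "%{HAPROXYHTTP}",
        "path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"
      ]
      break_on_match => false
    }
    date {
      match => [ 'accept_date', 'dd/MMM/yyyy:HH:mm:ss.SSS']
      target => ["datetime"]
    }
  } else if [type] == "jboss" {
    grok {
      match => [
        # (?m) lets GREEDYDATA span the newlines of a folded stack trace,
        # as the "default" branch already does. It replaces the original
        # "(.|\r|\n)*", an alternation under a star that matches the same
        # text but is expensive on large multiline events.
        "message", "(?<jtime>%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}) %{LOGLEVEL:level} (?m)%{GREEDYDATA:logmessage}",
        "path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"
      ]
      break_on_match => false
    }
    date {
      # Expects comma-separated milliseconds. %{SECOND} also accepts other
      # separators or no fraction at all; such lines are grokked but fail
      # here and end up without `datetime`.
      match => [ 'jtime', 'YYYY/MM/dd HH:mm:ss,SSS']
      target => ["datetime"]
    }
  } else if [type] == "default" {
    # The ISO 8601 timestamp is captured straight into `Timestamp`; this
    # branch has no date filter and never sets `datetime`.
    grok {
      match => [
        "message", "%{TIMESTAMP_ISO8601:Timestamp} %{LOGLEVEL:level} (?m)%{GREEDYDATA:logmessage}",
        "path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"
      ]
      break_on_match => false
    }
  }

  # Reformat `datetime` as 'YYYY-MM-DD HH:MM:SS.mmm' in `Timestamp`.
  # Originally this ruby filter was repeated verbatim in the apache, haproxy
  # and jboss branches and ran unconditionally; when grok or date failed,
  # `datetime` was missing and the call on nil raised inside the filter.
  # The conditional skips events without a parsed date, which keep their
  # _grokparsefailure / _dateparsefailure tags for later triage.
  # NOTE(review): event['...'] is the pre-5.0 event API; Logstash 5.0 and
  # later need event.get / event.set here.
  if [datetime] {
    ruby {
      code => "require 'date';
      event['Timestamp'] = DateTime.parse(event['datetime'].to_iso8601).strftime('%Y-%m-%d %H:%M:%S.%L')"
    }
  }
}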
output {
# Push every event onto a Redis list on the host named "redis".
# NOTE(review): no `password` is set in this block, so the connection is
# unauthenticated as configured here. The events carry raw log content;
# confirm that the Redis instance is reachable only from trusted hosts, or
# set the redis output's `password` option.
redis {
host => "redis"
data_type => "list"
# One list per input type: logstash-apache, logstash-haproxy,
# logstash-jboss, logstash-default.
key => "logstash-%{type}"
}
}