# Parsing stage: routes each event to a parser based on its [type] (and, for
# Apache, its [path]) and normalises the event timestamp.
filter {
  # JSON-typed events: any [type] that starts or ends with "json".
  if [type] =~ /^json/ or [type] =~ /json$/ {
    # No `target` is set, so the decoded keys are written at the root of the
    # event. A key in the incoming JSON can therefore replace an existing
    # field, including [type] and [path], which the conditionals below use for
    # routing. NOTE(review): if the producers of these logs are not fully
    # trusted, consider parsing into a dedicated `target` field instead.
    json {
      source => "message"
    }
  }

  # Apache access logs: selected by exact type, or by any [path] that contains
  # "access" (a substring match, so unrelated files with "access" in their
  # name are parsed as combined-format logs too).
  if [type] == "apache_access" or [path] =~ "access" {
    # Lines that do not fit the combined format are tagged _grokparsefailure
    # by default; watching that tag shows mis-routed or malformed input.
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }

    # The Apache timestamp carries its own UTC offset ("Z" in the pattern).
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }

  # loggo-style lines: "<timestamp> <level> <logger> <file>:<line> <message>".
  if [type] =~ /loggo/ {
    grok {
      match => {
        "message" => "%{TIMESTAMP_ISO8601:log_timestamp} %{LOGLEVEL:level} %{DATA:logger} %{DATA:filename}:%{DATA:linenum} %{GREEDYDATA:logmessage}"
      }
    }

    # The date pattern has no zone and no `timezone` option is set, so the
    # value is interpreted in the Logstash host's default time zone.
    # NOTE(review): confirm the log source writes in that zone, otherwise
    # @timestamp is shifted and cross-source correlation is off.
    # TIMESTAMP_ISO8601 also accepts forms this date pattern does not (for
    # example a "T" separator or fractional seconds); those events are tagged
    # _dateparsefailure and keep their ingest-time @timestamp.
    date {
      match => ["log_timestamp", "yyyy-MM-dd HH:mm:ss"]
    }
  }
}