
Untitled

a guest
Oct 31st, 2014
  1. root@log01:~# cat /etc/logstash/logstash.conf
  # Indexer input: pull the events that shippers pushed onto a Redis list.
  input {
    redis {
      # Broker address and the list key to read from.
      host      => "10.81.168.151"
      key       => "logstash"
      data_type => "list"
      # An input-level type does not replace a type the event already carries,
      # so "redis" only labels events that arrive without one; the filters in
      # this file match on types such as "syslog" and "nginxaccess".
      type      => "redis"
      # NOTE(review): no `password` option is set, so this connection to Redis
      # is unauthenticated. Confirm the broker is reachable only from the
      # shippers and this indexer, or enable requirepass on Redis and set
      # `password` here.
    }
  }
  10.  
  # Syslog events: split the header off and keep only the message body in "message".
  filter {
    if [type] == "syslog" {
      grok {
        # Optional <PRI>, timestamp, host, optional "program[pid]: ", then the rest.
        match     => [ "message", "^(?:<%{POSINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:timestamp} %{IPORHOST:hostname} (?:%{PROG:program}(?:\[%{POSINT:pid}\])?: )?%{GREEDYDATA:message}" ]
        # Replace the original line with the captured body instead of appending to it.
        overwrite => [ "message" ]
      }
      # NOTE(review): this discards the host name taken from the syslog header.
      # Source attribution then depends on whatever host field the shipper set;
      # confirm that field is present before relying on these events in an
      # investigation.
      mutate {
        remove_field => [ "hostname" ]
      }
      # NOTE(review): "timestamp" is captured but no date filter appears in this
      # file, so @timestamp is presumably not the time in the syslog header.
    }
  }
  24.  
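  # Nginx access log events: pull out proxy address, user and timestamp, keep the
  # remainder of the line in "message", and label the event with program "Nginx".
  filter {
    # Scoped with a conditional, like the syslog filter in this file, instead of
    # the deprecated per-plugin `type` option. Both plugins carried the same
    # type, so one conditional around them selects the same events.
    if [type] == "nginxaccess" {
      grok {
        overwrite => "message"
        match => {
          "message" => "%{IPORHOST:proxy_addr} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] %{GREEDYDATA:message}"
        }
      }
      # Runs whether or not the grok above matched, as before.
      mutate {
        add_field => [ "program", "Nginx" ]
      }
    }
  }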
  38.  
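  # Nginx error log events: capture the leading timestamp, keep the rest of the
  # line in "message", and label the event with program "Nginx".
  filter {
    # Scoped with a conditional, like the syslog filter in this file, instead of
    # the deprecated per-plugin `type` option. Both plugins carried the same
    # type, so one conditional around them selects the same events.
    if [type] == "nginxerror" {
      grok {
        overwrite => "message"
        match => {
          # NOTE(review): the pattern is not anchored with ^; confirm against a
          # sample error_log line that "timestamp" holds the full date, including
          # a four-digit year if the log starts with one.
          "message" => "%{DATESTAMP:timestamp} %{GREEDYDATA:message}"
        }
      }
      # Runs whether or not the grok above matched, as before.
      mutate {
        add_field => [ "program", "Nginx" ]
      }
    }
  }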
  52.  
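  # Application ("appmachine") events: the message is JSON; decode it, move the
  # decoded "@message" into "message", then drop "@message".
  filter {
    # Previously only the json plugin was limited to type "appmachine"; the grok
    # and mutate below ran on every event. Events of other types have no
    # "@message" produced by this filter, so the grok would likely fail on them
    # and tag them _grokparsefailure. All three steps are now scoped together,
    # using the same conditional form as the syslog filter in this file.
    if [type] == "appmachine" {
      json {
        source => "message"
        # NOTE(review): with no `target`, the decoded keys land at the top level
        # of the event, so application-supplied JSON can overwrite existing
        # fields such as "type" or "host". If the application logs untrusted
        # input, consider decoding into a dedicated sub-field and copying out
        # only the fields you need.
      }
      grok {
        overwrite => "message"
        match => {
          "@message" => "%{GREEDYDATA:message}"
        }
      }
      mutate {
        remove_field => [ "@message" ]
      }
    }
  }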
  68.  
  # Ship every processed event to Elasticsearch and echo it to stdout.
  output {
    # Indexing target: cluster "logstash" via the node on this host.
    elasticsearch {
      cluster => "logstash"
      host    => "127.0.0.1"
    }
    # NOTE(review): stdout prints every event to wherever the Logstash process's
    # standard output is captured. That is a second copy of all log content
    # outside Elasticsearch, with its own file permissions and retention; keep
    # it for debugging only.
    stdout {}
  }