input{ file{ type=>"python" path=>["/home/test/logs/*"] exclud

1. input{
2. file{
3. type=>"python"
4. path=>["/home/test/logs/*"]
5. exclude=>['*.tar', '*.tgz', '*.gz', '*.bz2', '*.zip']
6. start_position=>"end"
7. }
8. file{
9. type=>"system_messages"
10. path=>["/var/log/messages*"]
11. exclude=>["*.tar","*.tgz","*.gz","*.bz2","*.zip"]
12. start_position=>"end"
13. }
14. file{
15. type=>"system_cron"
16. path=>["/var/log/cron*"]
17. exclude=>["*.tar","*.tgz","*.gz","*.bz2","*.zip"]
18. start_position=>"end"
19. }
20. file{
21. type=>"system_yum"
22. path=>["/var/log/yum.log*"]
23. exclude=>["*.tar","*.tgz","*.gz","*.bz2","*.zip"]
24. start_position=>"end"
25. }
26. file{
27. type=>"nginx_access"
28. path=>["/var/log/nginx/*access.log*"]
29. exclude=>["*.tar","*.tgz","*.gz","*.bz2","*.zip"]
30. start_position=>"end"
31. }
32. file{
33. type=>"nginx_error"
34. path=>["/var/log/nginx/*error.log*"]
35. exclude=>["*.tar","*.tgz","*.gz","*.bz2","*.zip"]
36. start_position=>"end"
37. }
38. }
39.  
40. filter{
41. if [type] == "python" {
42. multiline{
43. pattern => "^\d{4}"
44. negate => true
45. what => "previous"
46. }
47. if [type] == "tomcat" {
48. grok{
49. match=>{ "message" => ".?(?<datetime>\d{4}.\d{2}.\d{2} \d{2}.\d{2}.\d{2}(.\d{3})?).? \[(?<level>.*?),(?<logger_name>.*?),(?<thread_name>.*?),(?<assetType>.*?),(?<requestId>.*?),(?<assetId>.*?)\] %{GREEDYDATA}" }
50. }
51. }
52. if [type] == "nodejs" {
53. grok{
54. match=>{ "message" => ".?(?<datetime>\d{4}.\d{2}.\d{2} \d{2}.\d{2}.\d{2}(.\d{3})?).? \[(?<level>.*?)\] %{GREEDYDATA}" }
55. }
56. }
57. if [type] == "python" {
58. grok{
59. match=>{ "message" => ".?(?<datetime>\d{4}.\d{2}.\d{2} \d{2}.\d{2}.\d{2}(.\d{3})?).? \[(?<level>.*?),%{GREEDYDATA}" }
60. }
61. }
62. if [type] == "jenkins" {
63. grok{
64. match=>{ "message" => ".?(?<datetime>\d{4}.\d{2}.\d{2} \d{2}.\d{2}.\d{2}(.\d{3})?).? %{GREEDYDATA}" }
65. }
66. }
67. } else if [type] =~ "system_" {
68. grok{
69. match=>{ "message" => "(?<datetime>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) %{GREEDYDATA}" }
70. }
71. } else if [type] == "nginx_access" {
72. grok{
73. match=>{ "message" => ".*(?<datetime>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) %{GREEDYDATA}" }
74. }
75. } else if [type] == "nginx_error" {
76. grok{
77. match=>{ "message" => "(?<datetime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) %{GREEDYDATA}" }
78. }
79. }
80. date{
81. match => [ "datetime", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd HH:mm:ss.SSS", "YYYY-MM-dd HH:mm:ss,SSS", "YYYY/MM/dd HH:mm:ss", "YYYY/MM/dd HH:mm:ss.SSS", "YYYY/MM/dd HH:mm:ss,SSS", "YYYY.MM.dd HH:mm:ss", "YYYY.MM.dd HH:mm:ss.SSS", "YYYY.MM.dd HH:mm:ss,SSS", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "dd/MMM/YYYY:HH:mm:ss" ]
82. }
83. alter{
84. add_field => {
85. "service" => "test"
86. }
87. remove_field => [ "datetime" ]
88. }
89. if [level] == "ERROR" {
90. throttle {
91. before_count => -1
92. after_count => 1
93. period => 3600
94. key => "%{service}%{host}"
95. add_tag => "throttled"
96. }
97. }
98. }
99.  
100. output{
101. if [level] == "ERROR" and "throttled" not in [tags] {
102. hipchat{
103. room_id => "xxxxx"
104. token => "xxxxx"
105. format => "[%{service}][%{host}] %{message}"
106. }
107. }
108. }