Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- input {
- syslog {
- port => 514
- type => "syslog"
- }
- }
- filter {
- grok {
- match => [ 'message', '<%{POSINT:pri}>%{SYSLOGTIMESTAMP:timestamp} %{IPORHOST:hostname} %{WORD:app_name} %{WORD:level} %{GREEDYDATA:message}' ]
- add_tag => [ "match1 greedy" ]
- tag_on_failure => [ "not a _grokparsefailure_honest" ]
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
