Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- input {
- lumberjack {
- port => my_port
- ssl_certificate => "my.crt"
- ssl_key => "my.key"
- }
- file {
- path => "/var/log/ciscoswitch.log"
- type => "switch_cisco"
- }
- }
- filter {
- if [type] == "jboss_application_log" {
- grok {
- match => [ "file", "/usr/local/jboss/server/%{NOTSPACE:instance}/log/apps/%{NOTSPACE:application}/aplicacion_error.log"]
- tag_on_failure => "jboss_application_log_parsefailure"
- }
- mutate { replace => { "host" => "a_host" } }
- }
- if [type] == "jboss_server_log" {
- multiline {
- pattern => "^\d"
- negate => true
- what => "previous"
- }
- grok {
- match => [ "message", "%{JBOSSMESSAGE:jboss_message}" ]
- remove_field => "jboss_message"
- tag_on_failure => "jboss_server_log_parsefailure"
- }
- date {
- match => [ "timestamp", "yyyy-MM-dd HH:mm:ss,SSS" ]
- locale => "en"
- timezone => "a_time_zone"
- remove_field => "timestamp"
- }
- }
- if [type] == "jboss_tomcat_log" {
- grok {
- match => [ "message", "%{TOMCATMESSAGE:tomcat_message}" ]
- remove_field => "tomcat_message"
- tag_on_failure => "jboss_tomcat_log_parsefailure"
- }
- useragent {
- source => "agent"
- }
- geoip {
- source => "geoip.location"
- }
- }
- if [type] == "switch_cisco" {
- grok {
- match => [ "message", "%{SWITCHESCISCO:cisco_message}" ]
- remove_field => "cisco_message"
- tag_on_failure => "switch_cisco_parsefailure"
- }
- }
- }
- output {
- elasticsearch_http {
- host => "an_ip"
- index => "logstash-%{[type]}-%{+YYYY.MM.dd}"
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement