input { file { type => "varnishncsa" path => "/var/log/

1. input {
2. file {
3. type => "varnishncsa"
4. path => "/var/log/varnish/varnishncsa*"
5. exclude => "*.gz"
6. start_position => beginning
7. sincedb_path => "/var/tmp/.sincedb"
8. debug => true
9. }
10. }
11.  
12. output {
13. redis { host => "elasticlog01.example.dk" data_type => "list" key => "logstash" }
14. stdout {
15. debug => true
16. }
17. }
18.  
19. filter {
20. grok {
21. type => "varnishncsa"
22. #logstash <1.2
23. pattern => ["\[%{DATA:time}\] %{WORD:method} %{DATA:url} %{NOTSPACE:protocol} %{NUMBER:returncode} %{NOTSPACE:bytes} %{NUMBER:time_firstbyte} %{WORD:handling} %{IP:client}", "\[%{DATA:time}\] %{WORD:method} %{DATA:url} %{NOTSPACE:protocol} %{NUMBER:returncode} %{NOTSPACE:bytes} %{NUMBER:time_firstbyte} %{WORD:handling} -"]
24. #logstash 1.2+
25. #match => [ "message", "\[%{DATA:time}\] %{WORD:method} %{DATA:url} %{NOTSPACE:protocol} %{NUMBER:returncode} %{NUMBER:bytes} %{NUMBER:time_firstbyte} %{WORD:handling} %{IP:client}" ]
26. # pattern:[11/Sep/2013:10:32:56 +0200] GET http://yousee.tv/amf_gateway/ HTTP/1.1 404 346 0.000017166 hit 87.50.52.240
27. # created by: varnishncsa -F '%t %r %s %b %{Varnish:time_firstbyte}x %{Varnish:handling}x %{X-Forwarded-For}i'
28. }
29. #make sure we use the timestamp in output as date for logentry
30. date {
31. type => "varnishncsa"
32. locale => "en"
33. time => "dd/MMM/YYYY:HH:mm:ss Z"
34. #1.2+
35. #match => [ "time_local" , "dd/MMM/YYYY:HH:mm:ss Z" ]
36. }
37. }