- # Beats listener on TCP 5044. The filter stage keys on [log][file][path], so the
- # sender is presumably Filebeat -- confirm against the shipper config.
- # NOTE(review): no `host` and no TLS settings appear in this block, so the listener
- # runs with the plugin defaults: plaintext, and no check on who is sending. Anything
- # that can reach the port can read the stream in transit or submit its own events.
- # For audit-style logs, bind `host` to the interface the shippers use and configure
- # TLS with client certificates (`ssl_certificate`, `ssl_key`,
- # `ssl_certificate_authorities`; the enable/verify option names differ between
- # plugin versions).
- input {
-   beats { port => 5044 }
- }
- # Parse lines that Filebeat read from /var/log/commands.log into structured fields.
- filter {
- # NOTE(review): `=~` is a regular-expression match, so the right-hand side is an
- # unanchored pattern in which `.` matches any character. Any path that merely
- # contains this text is parsed too; use `==` if only this exact file is intended.
- if [log][file][path] =~ "/var/log/commands.log" {
- grok{
- # Captures a bracketed ISO8601 timestamp into sys_timestamp, then two
- # whitespace-separated tokens (field1, field2; letters, digits, `_`, `-` only),
- # then a literal ":USER=" followed by a further capture.
- # NOTE(review): the listing is cut off at the trailing `$` (the paste appears to
- # have been copied from a truncated terminal line), so the rest of the pattern,
- # including the remaining capture names, is not visible and cannot be reviewed.
- # Lines that do not match are tagged `_grokparsefailure` by default and still
- # continue to the output stage unparsed -- consider routing or dropping on that tag.
- match => { "message" => "\[(%{TIMESTAMP_ISO8601:sys_timestamp})\]\s(?<field1>[0-9a-zA-Z_-]+)\s(?<field2>[0-9a-zA-Z_-]+)\:USER=(?<fi$
- }
- }
- }
- }
- # Index every event into the local Elasticsearch node under the fixed index name
- # "cleandata". There is no conditional here, so events that did not come from
- # commands.log, or that failed parsing, land in the same index.
- # NOTE(review): the host entry carries no scheme and no `user`/`password` or
- # `api_key` is set, so this presumably talks unauthenticated HTTP to the node --
- # confirm that Elasticsearch security is enabled and add credentials and TLS.
- # The index looks like it holds per-user command history, which can include
- # secrets typed on a command line; restrict read access to it accordingly.
- output {
-   elasticsearch {
-     index => "cleandata"
-     hosts => ["localhost:9200"]
-     # manage_template => false
-   }
- }