input { file { path => "C:\ELK\logstash\data\b.log" start_posit

1. input {
2. file {
3. path => "C:\ELK\logstash\data\b.log"
4. start_position => beginning
5. ignore_older => 0
6.  
7. #This configuration uses the multiline codec to specify that any line that does not begin with a timestamp belongs to the previous line.
8. codec => multiline {
9. pattern => "^%{TIMESTAMP_ISO8601} "
10. negate => true
11. what => previous
12. }
13.  
14. }
15. }
16.  
17. filter {
18.  
19. grok {
20. patterns_dir => ["./patterns"]
21. match => [ "message", "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{FUSE:Fuse}%{SPACE}\[%{HOSTNAME:From}\]%{SPACE}(%{WORD:LogLevel}%{SPACE}\|%{SPACE}%{WORD:Operation}%{SPACE}\|%{SPACE}%{NOTSPACE:GUID}%{SPACE}\|%{SPACE}%{SENTENCE:Component}%{SPACE}\|%{SPACE}%{COMPLEX_WORD:Message})?(%{SPACE}%{COMPLEX_MESSAGE:Message})?(%{SPACE}\|%{SPACE}%{GREEDYDATA:XMLText})?" ]
22. }
23.  
24. #mutate { remove_field => [ "message","@version","@timestamp","path","host","type","tags" ] }
25.  
26. #mutate { remove_field => [ "@version","@timestamp","path","host","type","tags" ] }
27.  
28. }
29.  
30. output {
31.  
32. file { path => "C:\ELK\logstash\data\aout.log" }
33. elasticsearch {
34. hosts => ["localhost:9200"]
35. }
36.  
37. stdout {
38. }
39. #jdbc {
40. #driver_class => "oracle.jdbc.driver.OracleDriver"
41. #driver_jar_path => "C:\logstash-2.3.4\bin\ojdbc7.jar"
42. #connection_string => "jdbc:oracle:thin:EI_APP/EI_APP@10.68.68.238:1521:OSBDB"
43. #statement => [ "CALL EI_APP.INSERT_LOG_P(?, ?, ?, ?, ?, ?, ?, ?, ?)", "timestamp", "Fuse", "From", "LogLevel", "Operation", "GUID", "Component", "Message", "XMLText" ]
44. #}
45.  
46. }