# Terminal transcript: the three Logstash pipeline files under /etc/logstash/conf.d.
# The numeric prefixes (02-, 10-, 30-) order them input -> filter -> output when
# Logstash concatenates the directory into one pipeline.
- root@elkstack:/etc/kibana# cd /etc/logstash/conf.d/
- root@elkstack:/etc/logstash/conf.d# ls
- 02-beats-input.conf 10-syslog-filter.conf 30-elasticsearch-output.conf
- root@elkstack:/etc/logstash/conf.d# cat 02-beats-input.conf
# Beats input: listens on TCP 5044 for Filebeat/other shippers.
# NOTE(review): no ssl / ssl_certificate / ssl_key options are set, so events
# arrive in plaintext and any host able to reach 5044 can push events into the
# pipeline. If shippers are off-box, enable TLS (with client verification) and
# restrict reachability of 5044 with a host firewall.
- input {
- beats {
- port => 5044
- }
- }
- root@elkstack:/etc/logstash/conf.d# cat 10-syslog-filter.conf
# Filter: applies only to events whose [type] field is "syslog".
# grok splits an RFC3164-style line into timestamp, host, program, optional
# [pid] and the remaining message (GREEDYDATA). Input is untrusted log text;
# a non-matching line is not dropped, grok only tags it as a parse failure.
# received_at is captured here, before the date filter below replaces
# @timestamp with the time parsed from the message (ingest time vs. event time).
- filter {
- if [type] == "syslog" {
- grok {
- match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
- add_field => [ "received_at", "%{@timestamp}" ]
- add_field => [ "received_from", "%{host}" ]
- }
# NOTE(review): the grok pattern above extracts no priority (<PRI>) value, so
# syslog_pri appears to have no syslog_pri field to split into facility and
# severity unless it is set upstream — confirm against the shipper's output.
- syslog_pri { }
# Syslog timestamps carry no year; the date filter presumably assumes the
# current year, so events replayed across a year boundary may be misdated.
- date {
- match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
- }
- }
- }
- root@elkstack:/etc/logstash/conf.d# cat 30-elasticsearch-output.conf
# Output: Elasticsearch on the loopback interface, no user/password/ssl set, so
# this relies on 9200 being bound to localhost or otherwise network-protected.
# NOTE(review): sniffing => true makes Logstash discover and connect to other
# cluster nodes' published addresses, which can bypass a "localhost only"
# assumption — verify for a multi-node cluster.
# manage_template => false: Logstash does not install its own index template;
# the beat's template is expected to be loaded separately.
# index: one index per beat per day. document_type is deprecated in newer
# Elasticsearch output versions (mapping types were removed in ES 7) — check
# the target ES version before relying on it.
- output {
- elasticsearch {
- hosts => ["localhost:9200"]
- sniffing => true
- manage_template => false
- index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
- document_type => "%{[@metadata][type]}"
- }
- }
- root@elkstack:/etc/logstash/conf.d#