Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1. filebeat.yml (not full file, other lines are default except connection to logstash):
- filebeat.inputs:
- #multiline.type: pattern
- #multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
- #multiline.negate: true
- #multiline.match: after
- - type: log
- processors:
- - drop_event:
- when:
- regexp:
- message: "DEBUG -- :"
- #- include_fields:
- # fields: ["deviceId", "productId", "lang_from", "lang_to", "text"]
- enabled: true
- paths:
- - /home/passenger/translation-worker/log/production.log
- # - /home/passenger/translation-worker/log/sidekiq.log
- fields:
- tworker: 1
- #- type: filestream
- # enabled: false
- # paths:
- # - /var/log/*.log
- 2. logstash config file placed in conf.d/general.conf:
- input {
- beats {
- client_inactivity_timeout => 600
- port => 5045
- ssl => true
- ssl_certificate_authorities => ["/etc/logstash/test2/ca.crt"]
- ssl_certificate => "/etc/logstash/test2/logstash.crt"
- ssl_key => "/etc/logstash/test2/logstash.key"
- ssl_verify_mode => "force_peer"
- }
- }
- filter {
- grok {
- patterns_dir => ["/etc/logstash/patterns"]
- match => { "message" => "%{DEVICE_ID:device_id} %{PRODUCT_ID:product_id} %{LANG:lang_from} %{LANG:lang_to} %{TEXT:text}" }
- }
- }
- output {
- elasticsearch {
- hosts => ["http://localhost:9200"]
- index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
- user => "${user}"
- password => "${password}"
- }
- stdout { codec => rubydebug }
- }
- 3. Patterns from /etc/logstash/patterns:
- DEVICE_ID [0-9A-Z\!@#$%^&*()._]{11,16}
- LANG [a-z]{2}
- PRODUCT_ID aaa.bbbbb\.[0-9a-zA-Z]{4,11}\.*[0-9a-zA-Z\_]{1,}\.*[0-9a-zA-Z\_]{1,}\.*[0-9a-zA-Z\_]{1,}
- TEXT [0-9a-zA-Z]{1,}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement