# Input stage: consumes events of type "json_event" from an AMQP topic
# exchange on host "logqueue1", vhost "/raw_logs".
- input {
- amqp {
- exchange_type => "topic"
- name => "logqueue1"
# NOTE(review): 5672 is the conventional plaintext AMQP port and no TLS setting
# appears in this stanza -- confirm the broker link is encrypted or confined
# to a trusted network segment, since raw logs and the password below cross it.
- port => 5672
- type => "json_event"
- debug => false
- host => "logqueue1"
# Hardcoded broker credential, identical to the user name, stored in clear
# text in the config. Once the file is shared it should be treated as exposed:
# rotate it, use a per-pipeline account, and keep the real value out of any
# copy that leaves the host.
- password => "logstash"
- user => "logstash"
# NOTE(review): non-durable -- presumably the broker-side object does not
# survive a broker restart, so queued log events could be lost; confirm this
# is acceptable for logs that may be needed as evidence.
- durable => false
- vhost => "/raw_logs"
- }
- }
# Filter stage: stitches multi-line records together, extracts fields with
# grok and parses timestamps, separately for the event types "mccommon",
# "trinidad", "nginxaccess" and "nginxerror". Filters run in the order written.
- filter {
# --- type "mccommon" ---
# Each multiline filter appends a line matching `pattern` to the previous
# event (what => "previous"). This one matches lines starting with a tab
# followed by "at" -- presumably Java stack-trace frames.
- multiline {
- pattern => "^\tat.*"
- type => "mccommon"
- what => "previous"
- }
# Lines of the form "<word ending in a digit>:in `..." -- presumably backtrace
# frames of the shape "<line number>:in `method'".
- multiline {
- pattern => "^\w*[0-9]:in `.*"
- type => "mccommon"
- what => "previous"
- }
# Lines consisting only of a dotted name, optionally followed by ": " and a
# second dotted name -- presumably exception class lines.
- multiline {
- pattern => "^([a-zA-Z0-9-]+\.)+[A-Za-z0-9]+(: ([a-zA-Z0-9-]+\.)+[A-Za-z0-9]+)?$"
- type => "mccommon"
- what => "previous"
- }
# No `type` is set, so this grep applies to every event. With negate => true,
# grep is documented to drop events that match, so anything whose
# "listenerError" field matches the regex is discarded before the output.
# NOTE(review): no filter in this file sets a "listenerError" field -- confirm
# where it comes from, and that silently dropping these events is intended;
# events dropped here never reach the downstream store.
- grep {
- negate => true
- listenerError => "^.*error in listener, dont know what to do, continuing."
- }
# Parses the pipe-delimited record "timestamp | guid | level | class | thread |"
# into the fields timestamp, guid, level, javaclass and thread. The guid slot
# may be a single whitespace character instead of a GUID.
- grok {
- pattern => "%{TIMESTAMP_ISO8601:timestamp} [|] (?:%{guid=(?:\w{8}-(?:\w{4}-){3}\w{12})}|\s)? [|] \s*%{level=(?:TRACE|DEBUG|FATAL|ERROR|WARN|INFO)} [|] (?:%{JAVACLASS:javaclass}|%{WORD:javaclass}) [|] %{DATA:thread}? [|].*"
- type => "mccommon"
- }
# Parses the "timestamp" field with the given format.
# NOTE(review): the format carries no zone -- confirm which time zone is
# assumed, since it affects cross-host timeline correlation.
- date {
- timestamp => "yyyy-MM-dd HH:mm:ss,SSS"
- type => "mccommon"
- }
# --- type "trinidad" ---
# Continuation lines of the form " <non-space>:<number>" with an optional
# ":in `...'" suffix.
- multiline {
- pattern => "^ \S+:-?\d+(:in `.+')?$"
- type => "trinidad"
- what => "previous"
- }
# Lines starting with a tab followed by "from".
- multiline {
- pattern => "^\tfrom.*"
- type => "trinidad"
- what => "previous"
- }
# Lines that are one whitespace character, a colon and digits.
- multiline {
- pattern => "^\s:[0-9]+$"
- type => "trinidad"
- what => "previous"
- }
# Empty lines are folded into the previous event.
- multiline {
- pattern => "^$"
- type => "trinidad"
- what => "previous"
- }
# Four alternative patterns:
#   1. "<Month day, year h:mm:ss AM/PM> <class> <method>" header lines
#   2. "<LEVEL>: <Exception> -...:" lines
#   3. "<LEVEL>: " followed by an access-log style line (clientip, ident, auth,
#      timestamp, verb, request, httpversion, response, bytes, responsetime)
#   4. catch-all "<LEVEL>: ..." that only extracts the level
# clientip, request and the other fields of pattern 3 originate from client
# requests; consumers of the parsed events should handle them as untrusted text.
- grok {
- pattern => ["%{timestamp=%{MONTH} %{MONTHDAY}, %{YEAR} 1?\d:%{MINUTE}:%{SECOND} (?:A|P)M} (?:%{JAVACLASS:javaclass}|%{javaclass=[A-Za-z0-9.$]+}) <?%{javamethod=\w+}>?", "%{RUBY_LOGLEVEL:level}: %{exception=\w+(?:[:]{2}\w+)? -.*:$}", "%{RUBY_LOGLEVEL:level}: %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] \"%{WORD:verb} %{URIPATHPARAM:request} (?:HTTP/%{NUMBER:httpversion})?\" %{NUMBER:response} (?:%{NUMBER:bytes:int}|-) (?:%{NUMBER:responsetime:float}|-)", "%{RUBY_LOGLEVEL:level}: .*"]
- type => "trinidad"
- }
# NOTE(review): this appends every line that *begins* with a log level to the
# previous event, and it runs after the grok above. Lines starting with a level
# look like the start of a new record in the grok patterns -- confirm this
# merge is intended.
- multiline {
- pattern => "^(DEBUG|FATAL|ERROR|WARN|INFO):"
- type => "trinidad"
- what => "previous"
- }
# This format matches the timestamp captured by grok pattern 1 above.
# NOTE(review): pattern 3 stores an HTTPDATE value in the same "timestamp"
# field, which this format does not describe -- those events presumably keep
# a non-log timestamp; confirm before relying on their event time.
- date {
- timestamp => "MMM dd, yyyy h:mm:ss a"
- type => "trinidad"
- }
# --- type "nginxaccess" ---
# Combined access-log format plus a quoted X-Forwarded-For value and a float
# request time. xforwardedfor is a client-supplied header value: record it,
# but do not treat it as a verified source address.
- grok {
- pattern => "%{COMBINEDAPACHELOG} %{QS:xforwardedfor} %{NUMBER:request_time:float}"
- type => "nginxaccess"
- }
- date {
- timestamp => "dd/MMM/YYYY:HH:mm:ss Z"
- type => "nginxaccess"
- }
# --- type "nginxerror" ---
# Parses an nginx error-log line into timestamp, level, pid, thread,
# connection, error_message, client, server, verb, request, httpversion,
# an optional upstream_uri and host.
# NOTE(review): no date filter for type "nginxerror" appears in this file, so
# the captured timestamp is presumably not applied as the event time -- confirm.
- grok {
- pattern => "%{timestamp=%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}} \[%{level=(?:debug|info|notice|warn|error|crit)}\] %{INT:pid}#%{INT:thread}: \*%{INT:connection} %{DATA:error_message}, client: %{IPORHOST:client}, server: %{IPORHOST:server}, request: \"%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}\",(?: upstream: \"%{URI:upstream_uri}\",)? host: \"(?:%{IPORHOST:host}|%{HOSTPORT:host})?\""
- type => "nginxerror"
- }
- }
# Output stage: publishes the filtered events to an AMQP topic exchange on
# host "logqueue2", vhost "/filtered_logs".
- output {
- amqp {
- exchange_type => "topic"
- name => "logqueue2"
# NOTE(review): 5672 is the conventional plaintext AMQP port and no TLS setting
# appears in this stanza -- confirm the broker link is encrypted or confined
# to a trusted network segment.
- port => 5672
- debug => false
- host => "logqueue2"
# Same clear-text credential pair as the input stage, reused on a second
# broker. Rotate it and give each broker its own account so that exposure of
# one does not grant access to both the raw and the filtered log streams.
- password => "logstash"
- user => "logstash"
# NOTE(review): non-durable -- presumably events waiting on the broker are
# lost on a broker restart; confirm this matches the log-retention needs.
- durable => false
- vhost => "/filtered_logs"
- }
- }