# Grok filter applied to events of type "syslog" that carry the
# "tenant_id_as_space" tag: it splits the line into priority, logger,
# log level, tenant id and the remaining message text.
# NOTE(review): type/tags/pattern, @source_host and @message look like early
# Logstash 1.x syntax - confirm the target version before reusing this.
- grok {
- type => "syslog"
- tags => [ "tenant_id_as_space" ]
# The pattern is unanchored, so grok may match it at any offset in the line;
# a leading ^ pins it to the start and fails faster on non-matching input.
# %{TIMESTAMP_ISO8601} has no field name, so the sender's timestamp is
# matched but not stored on the event.
- pattern => [ "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601} %{WORD:logger} %{LOGLEVEL:loglevel} %{WORD:tenant_id}: %{GREEDYDATA:syslog_message}" ]
# Copy the event's @timestamp and @source_host into received_* fields.
- add_field => [ "received_at", "%{@timestamp}" ]
- add_field => [ "received_from", "%{@source_host}" ]
# First tag expands to the parsed log level. The second is the literal text
# "tenant_id: " with no field reference - presumably "%{tenant_id}" was meant
# to follow; confirm with the author.
- add_tag => [ "%{loglevel}", "tenant_id: " ]
# NOTE(review): replace is normally a mutate-filter option; verify that this
# grok version accepts it.
- replace => [ "@message", "%{syslog_message}" ]
# NOTE(review): an if ... end block is not valid inside a plugin's option
# list; the trailing "/// Error" presumably marks where the config fails.
# In Logstash 1.2+ a conditional wraps the whole filter, e.g.
#   if [loglevel] == "ERROR" { grok { ... } }
# On older versions a second grok limited with tags => [ "ERROR" ] is the
# usual route, since the log level is already added as a tag above.
- if "%{loglevel}" == "ERROR" /// Error
# The alert tag is the first word of the message text, which the log sender
# controls; anything downstream that keys on this tag should check it
# against the expected set of values rather than trust it as-is.
- pattern => [ "%{WORD:alert} %{GREEDYDATA:syslog_message}" ]
- add_tag => [ "%{alert}" ]
- end
- }