input { syslog { type => "game_event" }}filter { grokdm {

1. input {
2. syslog {
3. type => "game_event"
4. }
5. }
6.  
7. filter {
8. grokdm {
9. type => "game_event"
10. pattern => [
11. "php-cgi: v2 %{NOTSPACE:event} % %{NOTSPACE:game_id} % %{NOTSPACE:sn_id} % %{NOTSPACE:game_version} % %{NOTSPACE:player_id} % %{NOTSPACE:bck} %(?: %{NOTSPACE:arg1})?(?: % %{NOTSPACE:arg2})?(?: % %{NOTSPACE:arg3})?(?: % %{NOTSPACE:arg4})?(?: % %{NOTSPACE:arg5})?(?: % %{NOTSPACE:arg6})?(?: % %{NOTSPACE:arg7})?(?: % %{NOTSPACE:arg8})?",
12. "php-cgi: v1 %{NOTSPACE:event} % %{NOTSPACE:game_id} % %{NOTSPACE:sn_id} % %{NOTSPACE:player_id} % %{NOTSPACE:bck} %(?: %{NOTSPACE:arg1})?(?: % %{NOTSPACE:arg2})?(?: % %{NOTSPACE:arg3})?(?: % %{NOTSPACE:arg4})?(?: % %{NOTSPACE:arg5})?(?: % %{NOTSPACE:arg6})?",
13. "php-cgi: %{NOTSPACE:event} % %{NOTSPACE:game_id} % %{NOTSPACE:player_id} % %{NOTSPACE:bck} %(?: %{NOTSPACE:arg1})?(?: % %{NOTSPACE:arg2})?(?: % %{NOTSPACE:arg3})?(?: % %{NOTSPACE:arg4})?(?: % %{NOTSPACE:arg5})?(?: % %{NOTSPACE:arg6})?"
14. ]
15. }
16. }
17.  
18. output {
19. # Emit events to stdout for easy debugging of what is going through
20. # logstash.
21. # stdout { }
22.  
23. # This will use elasticsearch to store your logs.
24. # The 'embedded' option will cause logstash to run the elasticsearch
25. # server in the same process, so you don't have to worry about
26. # how to download, configure, or run elasticsearch!
27. elasticsearch { embedded => true }
28.  
29. #Disabled in test, enable for production
30. #gelf {
31. # host => "graylog.2mundos.net"
32. # sender => "playerlogs"
33. # level => "info"
34. # facility => "logstash"
35. #}
36. }