View difference between Paste ID: <a href="/EMAvu52K">EMAvu52K</a> and <a href="/UYiE3MBB">UYiE3MBB</a>

# Where to get input
1		# Where to get input
2		input {
3	-	# syslog inputs
3	+
4	-	tcp {
4	+
5	-	port => 5000
5	+
6	-	type => "syslog"
6	+
7		tags => ["nagios"]
8	-	udp {
8	+
9	-	port => 5000
9	+
10	-	type => "syslog"
10	+
11
12		# Some Filtering
13		filter {
14		#Nagios filter
15		if [type] == "nagios" {
16		grok {
17		match => { "message" => "%{NAGIOSLOGLINE}" }
18		}
19		}
20		}
21	-	# Logspout input
21	+
22	-	tcp {
22	+
23	-	codec => "json_lines"
23	+
24	-	port => 5006
24	+
25	-	tags => ["docker"]
25	+
26	-	type => "logspout"
26	+
27		}
28
29	-	# Log4j application input
29	+
30	-	log4j {
30	+
31	-	codec => "json_lines"
31	+
32	-	port => 4560
32	+
33	-	tags => ["applogs"]
33	+
34	-	type => "log4j"
34	+
35		protocol => "http"
36		user => logstash
37		password => logstash
38		}
39		}
40	-	# syslog filter
40	+
41	-	if [type] == "syslog" {
41	+
42		elasticsearch {
43	-	match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
43	+
44	-	add_field => [ "received_at", "%{@timestamp}" ]
44	+
45	-	add_field => [ "received_from", "%{host}" ]
45	+
46		protocol => "http"
47	-	syslog_pri { }
47	+
48	-	date {
48	+
49	-	match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
49	+
50		}