SHOW:
|
|
- or go back to the newest paste.
1 | # Where to get input | |
2 | input { | |
3 | # NAGIOS input | |
4 | beats { | |
5 | port => 5044 | |
6 | ssl => false | |
7 | tags => ["nagios"] | |
8 | type => "nagios" | |
9 | } | |
10 | } | |
11 | ||
12 | # Some Filtering | |
13 | filter { | |
14 | #Nagios filter | |
15 | if [type] == "nagios" { | |
16 | grok { | |
17 | match => { "message" => "%{NAGIOSLOGLINE}" } | |
18 | } | |
19 | } | |
20 | } | |
21 | ||
22 | # Where to send output | |
23 | output { | |
24 | # Send output to standard output device/interface | |
25 | stdout { | |
26 | codec => rubydebug | |
27 | } | |
28 | ||
29 | # Parse failed messages to separate index | |
30 | if "_grokparsefailure" in [tags] { | |
31 | elasticsearch { | |
32 | # host => ["localhost:9200"] | |
33 | # host => ["ES_CONN_STR"] | |
34 | - | # host => ["elasticsearch:9200"] |
34 | + | host => ["elasticsearch:9200"] |
35 | index => "cgidev-parse-err-%{+YYYY.MM.dd}" | |
36 | protocol => "http" | |
37 | user => logstash | |
38 | password => logstash | |
39 | } | |
40 | } | |
41 | ||
42 | # Elasticsearch output | |
43 | elasticsearch { | |
44 | # host => ["localhost:9200"] | |
45 | # host => ["ES_CONN_STR"] | |
46 | host => ["elasticsearch:9200"] | |
47 | index => "cgidev-logstash-%{+YYYY.MM.dd}" | |
48 | protocol => "http" | |
49 | user => logstash | |
50 | password => logstash | |
51 | } | |
52 | } |