SHOW:
|
|
- or go back to the newest paste.
| 1 | # Where to get input | |
| 2 | input {
| |
| 3 | # NAGIOS input | |
| 4 | beats {
| |
| 5 | port => 5044 | |
| 6 | ssl => false | |
| 7 | tags => ["nagios"] | |
| 8 | type => "nagios" | |
| 9 | } | |
| 10 | } | |
| 11 | ||
| 12 | # Some Filtering | |
| 13 | filter {
| |
| 14 | #Nagios filter | |
| 15 | if [type] == "nagios" {
| |
| 16 | grok {
| |
| 17 | match => { "message" => "%{NAGIOSLOGLINE}" }
| |
| 18 | } | |
| 19 | } | |
| 20 | } | |
| 21 | ||
| 22 | # Where to send output | |
| 23 | output {
| |
| 24 | # Send output to standard output device/interface | |
| 25 | stdout {
| |
| 26 | codec => rubydebug | |
| 27 | } | |
| 28 | ||
| 29 | # Parse failed messages to separate index | |
| 30 | if "_grokparsefailure" in [tags] {
| |
| 31 | elasticsearch {
| |
| 32 | # host => ["localhost:9200"] | |
| 33 | # host => ["ES_CONN_STR"] | |
| 34 | - | # host => ["elasticsearch:9200"] |
| 34 | + | host => ["elasticsearch:9200"] |
| 35 | index => "cgidev-parse-err-%{+YYYY.MM.dd}"
| |
| 36 | protocol => "http" | |
| 37 | user => logstash | |
| 38 | password => logstash | |
| 39 | } | |
| 40 | } | |
| 41 | ||
| 42 | # Elasticsearch output | |
| 43 | elasticsearch {
| |
| 44 | # host => ["localhost:9200"] | |
| 45 | # host => ["ES_CONN_STR"] | |
| 46 | host => ["elasticsearch:9200"] | |
| 47 | index => "cgidev-logstash-%{+YYYY.MM.dd}"
| |
| 48 | protocol => "http" | |
| 49 | user => logstash | |
| 50 | password => logstash | |
| 51 | } | |
| 52 | } |
