| 1 | Config: | |
| 2 | ||
| 3 | input {
| |
| 4 | - | file {
|
| 4 | + | file {
|
| 5 | - | path => "c:\logstash\main.log " |
| 5 | + | path => "c:\logstash\main.log " |
| 6 | - | start_position => "beginning" |
| 6 | + | start_position => "beginning" |
| 7 | - | } |
| 7 | + | type => "main_log" |
| 8 | } | |
| 9 | } | |
| 10 | - | if [path] =~ "main" {
|
| 10 | + | |
| 11 | - | mutate { { replace => { type => "main_log" } } }
|
| 11 | + | |
| 12 | - | grok {
|
| 12 | + | if [type] == "main_log" {
|
| 13 | - | patterns_dir => "c:\logstash\patterns" |
| 13 | + | grok {
|
| 14 | - | match => [ "message", "%{TIMESTAMP_ISO8601:logtimestamp}" ]
|
| 14 | + | patterns_dir => "c:\logstash\patterns" |
| 15 | - | } |
| 15 | + | match => [ "message", "%{TIMESTAMP_ISO8601:logtimestamp}" ]
|
| 16 | - | date {
|
| 16 | + | } |
| 17 | - | match => [ "logtimestamp", "ISO8601" ] |
| 17 | + | date {
|
| 18 | - | #target => "@timestamp" |
| 18 | + | match => [ "logtimestamp", "ISO8601" ] |
| 19 | - | } |
| 19 | + | #target => "@timestamp" |
| 20 | - | } else {
|
| 20 | + | } |
| 21 | - | mutate { { replace => { type => "RANDOM" } } }
|
| 21 | + | } |
| 22 | - | } |
| 22 | + | else {
|
| 23 | mutate { { replace => { type => "RANDOM" } } }
| |
| 24 | } | |
| 25 | - | elasticsearch {
|
| 25 | + | |
| 26 | - | host => localhost |
| 26 | + | |
| 27 | - | } |
| 27 | + | |
| 28 | - | stdout { codec => rubydebug }
|
| 28 | + | elasticsearch {
|
| 29 | host => localhost | |
| 30 | } | |
| 31 | stdout { codec => rubydebug }
| |
| 32 | } |
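Review bot: The `else` branch kept at line 23 still has doubled braces, `mutate { { replace => { type => "RANDOM" } } }`, which the Logstash config parser should reject, so the pipeline probably never loads; it should read `mutate { replace => { "type" => "RANDOM" } }`. With `type => "main_log"` now set on the only file input shown, that branch also looks unreachable for events from this input. The path on line 5 keeps a trailing space inside the quotes and uses backslashes, while the file input expects forward slashes on Windows, so `path => "c:/logstash/main.log"` is the safer form. No `filter {` or `output {` wrapper is visible around the conditional or the `elasticsearch`/`stdout` plugins in this rendering; if they are really missing from the file, the conditional and the outputs need to be wrapped in them.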