input { tcp { port => 5000 type => syslog } file { start_posit

1. input {
2. tcp {
3. port => 5000
4. type => syslog
5. }
6. file {
7. start_position => "beginning"
8. path => "/var/log/maxscale/maxscale.log"
9. type => "maxscale"
10. }
11. }
12.  
13. filter {
14. if [type] == "maxscale" {
15. date {
16. match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
17. }
18. grok {
19. match => {"message" => '%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Added server \'%{WORD:server_name}\' to monitor \'%{WORD:monitor_name}\''}
20. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Removed server '%{WORD:server_name}' from monitor '%{WORD:monitor_name}'"}
21. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Added server '%{WORD:server_name}' to service '%{WORD:service_name}'"}
22. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Removed server '%{WORD:server_name}' from service '%{WORD:service_name}'"}
23. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Created server '%{WORD:server_name}' at %{IPORHOST:address}:%{POSINT:port}"}
24. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Destroyed server '%{WORD:server_name}' at %{IPORHOST:address}:%{POSINT:port}"}
25. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Server changed state: %{WORD:server_name}\[%{IPORHOST:address}:%{POSINT:port}\]:%{SPACE}%{DATA}\.%{SPACE}\[%{GREEDYDATA:previous_state}\] -> \[%{GREEDYDATA:state}\]"}
26. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Created monitor '%{WORD:monitor_name}'"}
27. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Destroyed monitor '%{WORD:monitor_name}'\. The monitor will be removed after the next restart of MaxScale."}
28. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Created listener '%{WORD:listener_name}' at %{IPORHOST:address}:%{POSINT:port} for service '%{WORD:service_name}'"}
29. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Destroyed listener '%{WORD:listener_name}' for service '%{WORD:service_name}'. The listener will be removed after the next restart of MaxScale."}
30. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}\[%{WORD:listener_name}\] Initializing statement-based read/write split router module."}
31. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE} Loaded module %{WORD:module_name}:%{SPACE}V%{INT:version_major}\.%{INT:version_minor}\.%{INT:version_patch} from %{PATH:module_path}"}
32. match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Listening connections at %{IPORHOST:address}:%{POSINT:port} with protocol %{WORD:protocol}"}
33. }
34. }
35. }
36.  
37.  
38. ## Add your filters / logstash plugins configuration here
39.  
40. output {
41. elasticsearch {
42. hosts => "elasticsearch:9200"
43. user => "elastic"
44. password => "changeme"
45. }
46. }