- Update to work with latest code

2025-04-24 14:47:19 -04:00 · 2010-10-28 11:00:27 +00:00 · 2010-10-28 11:00:27 +00:00 · 2ac9f69c55
commit 2ac9f69c55
parent 2053ceabcb
1 changed files with 8 additions and 7 deletions
--- a/etc/logstash-standalone.yaml
+++ b/etc/logstash-standalone.yaml
@ -16,19 +16,20 @@ inputs:
  apache-error:
  - /var/log/apache2/error.log
 filters:
-  grok:
+- grok:
    linux-syslog: # for logs tagged 'linux-syslog'
-      timestamp:
-        key: date
-        format: %b %e %H:%M:%S
      patterns:
      - %{SYSLOGLINE}
    apache-access: # for logs tagged 'apache-error'
-      timestamp:
-        key: timestamp
-        format: %d/%b/%Y:%H:%M:%S %Z
      patterns:
      - %{COMBINEDAPACHELOG}
+- date:
+    linux-syslog:  # for logs tagged 'linux-syslog'
+      # Look for a field 'timestamp' with this format, parse and it for the timestamp
+      # This field comes from the SYSLOGLINE pattern
+      timestamp: %b %e %H:%M:%S
+    apache-access:
+      timestamp: "%d/%b/%Y:%H:%M:%S %Z"
 outputs:
 # For this demo, we'll write to websockets...
 - stdout:///