From 2ac9f69c552adebfda25c2a85e9898be36e6fc66 Mon Sep 17 00:00:00 2001
From: Jordan Sissel
Date: Thu, 28 Oct 2010 11:00:27 +0000
Subject: [PATCH] - Update to work with latest code
---
 etc/logstash-standalone.yaml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/etc/logstash-standalone.yaml b/etc/logstash-standalone.yaml
index d026d8d04..1e75025d0 100644
--- a/etc/logstash-standalone.yaml
+++ b/etc/logstash-standalone.yaml
@@ -16,19 +16,20 @@ inputs:
 apache-error:
 - /var/log/apache2/error.log
 filters:
- grok:
+- grok:
 linux-syslog: # for logs tagged 'linux-syslog'
- timestamp:
- key: date
- format: %b %e %H:%M:%S
 patterns:
 - %{SYSLOGLINE}
 apache-access: # for logs tagged 'apache-error'
- timestamp:
- key: timestamp
- format: %d/%b/%Y:%H:%M:%S %Z
 patterns:
 - %{COMBINEDAPACHELOG}
+- date:
+ linux-syslog: # for logs tagged 'linux-syslog'
+ # Look for a field 'timestamp' with this format, parse and it for the timestamp
+ # This field comes from the SYSLOGLINE pattern
+ timestamp: %b %e %H:%M:%S
+ apache-access:
+ timestamp: "%d/%b/%Y:%H:%M:%S %Z"
 outputs:
 # For this demo, we'll write to websockets...
 - stdout:///
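Review bot: The added `timestamp: %b %e %H:%M:%S` under `date` / `linux-syslog` is an unquoted scalar that starts with `%`, which YAML reserves as an indicator, so a strict parser may reject the file or read the value differently from the loader this was tested with. Quote it the same way as the apache-access entry two lines below: `timestamp: "%b %e %H:%M:%S"`. This syslog format also carries no year or time zone, so whatever the date filter assumes for them decides how these events line up against other sources in a timeline. A comment stating that assumption next to the format would help anyone correlating logs later. The added comment "parse and it for the timestamp" presumably means `parse it and use it as the timestamp`.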