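---
# Sample Logstash agent configuration: file and AMQP inputs, per-type
# grok/date/multiline filters, and stdout plus Elasticsearch outputs.

inputs:
  # Each key is a log type; the filters below are keyed by the same names.
  all:
    - amqp://activemq/topic/logstash-events
  linux-syslog:
    - /var/log/messages
    - /var/log/kern.log
    # auth.log holds authentication records; restrict who can read the
    # outputs that receive these events.
    - /var/log/auth.log
    - /var/log/user.log
  apache-access:
    - /var/log/apache2/access.log
  apache-error:
    - /var/log/apache2/error.log
  testing:
    # /tmp is world-writable: any local user can create or append to this
    # file and so inject events. Keep this input out of production configs.
    - /tmp/logstashtest.log

filters:
  # Pattern values are quoted because a YAML plain scalar may not start
  # with '%'; strict parsers reject the unquoted form.
  # NOTE(review): 'nagios', 'loggly' and 'supervisorlogs' have filters here
  # but no input of that type in this file - confirm they arrive via 'all'.
  - grok:
      linux-syslog:  # for logs of type 'linux-syslog'
        patterns:
          - '%{SYSLOGLINE}'
      apache-access:  # for logs of type 'apache-access'
        patterns:
          - '%{COMBINEDAPACHELOG}'
      nagios:
        patterns:
          - '%{NAGIOSLOGLINE}'
      loggly:
        patterns:
          - '%{JAVASTACKTRACEPART}'
      testing:
        patterns:
          - '%{JAVASTACKTRACEPART}'
  - date:
      linux-syslog:  # for logs of type 'linux-syslog'
        # Look for a field 'timestamp' with this format and parse it for
        # the event timestamp.
        # This field comes from the SYSLOGLINE pattern.
        timestamp: "%b %e %H:%M:%S"
        timestamp8601: ISO8601
      apache-access:
        timestamp: "%d/%b/%Y:%H:%M:%S %Z"
      nagios:
        epochtime: '%s'
  - multiline:
      # A line starting with whitespace is joined to the previous event.
      supervisorlogs:
        pattern: '^\s'
        what: previous
      testing:
        pattern: '^\s'
        what: previous

outputs:
  - stdout:///
  # - elasticsearch://localhost:9200/logstash/all
  # The river URL below embeds the broker credentials (user=guest&pass=guest)
  # in plain text, so they are stored in version control with this file.
  # guest/guest is the RabbitMQ default account; use a dedicated
  # least-privilege account and keep the real secret out of the committed
  # file.
  - "elasticsearch://localhost:9200/logstash/all_river?method=river&type=rabbitmq&host=activemq&user=guest&pass=guest&vhost=/&queue=es"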