gansbrest · November 21, 2014 18:33
diff --git a/gistfile1.txt b/gistfile1.txt
 input {
  tcp {
    'port' => 3333
    'type' => 'router_nginx_logs'
  }

  # Some additional inputs could be here as well
 }

 filter {
  grok { 
    'patterns_dir' => '/opt/logstash/agent/etc/patterns' 
    'add_tag' => ['router_nginx_logs_extracted'] 
    'match' => ['message', '%{NUMBER:msec}\s+%{IP:client_ip}\s+(%{WORD:remote_user}|-)\s+%{TIMESTAMP_ISO8601:logtime}\s+%{WORD:method} %{NOTSPACE:uri} (?:HTTP/%{NUMBER:version})\s+%{NUMBER:status:int}\s+(?:%{NUMBER:bytes_sent:int})\s+%{QS:referer}\s+%{QS:agent}\s+(%{WORD,country_code}|-)\s+(%{NUMBER:request_time:float}|-)\s+%{QS:http_fwd_for}\s+%{HOST:http_host}\s+(%{WORD:instance_id}|-)'] 
    'type' => 'router_nginx_logs' 
  } 

  date { 
    'type' => 'router_nginx_logs' 
    'match' => ["logtime", "yyyy-MM-dd'T'HH:mm:ssZ"] 
  } 
 }

 output {
 # Your regular outputs
 }
	input {
	tcp {
	'port' => 3333
	'type' => 'router_nginx_logs'
	}

	# Some additional inputs could be here as well
	}

	filter {
	grok {
	'patterns_dir' => '/opt/logstash/agent/etc/patterns'
	'add_tag' => ['router_nginx_logs_extracted']
	'match' => ['message', '%{NUMBER:msec}\s+%{IP:client_ip}\s+(%{WORD:remote_user}\|-)\s+%{TIMESTAMP_ISO8601:logtime}\s+%{WORD:method} %{NOTSPACE:uri} (?:HTTP/%{NUMBER:version})\s+%{NUMBER:status:int}\s+(?:%{NUMBER:bytes_sent:int})\s+%{QS:referer}\s+%{QS:agent}\s+(%{WORD,country_code}\|-)\s+(%{NUMBER:request_time:float}\|-)\s+%{QS:http_fwd_for}\s+%{HOST:http_host}\s+(%{WORD:instance_id}\|-)']
	'type' => 'router_nginx_logs'
	}

	date {
	'type' => 'router_nginx_logs'
	'match' => ["logtime", "yyyy-MM-dd'T'HH:mm:ssZ"]
	}
	}

	output {
	# Your regular outputs
	}