jkburges · September 7, 2014 23:07
diff --git a/gistfile1.rb b/gistfile1.rb
 filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level}%{SPACE}\[%{NOTSPACE:thread_id}\]%{SPACE}\[%{DATA:user}\]%{SPACE}%{DATA:category}%{SPACE}- %{GREEDYDATA:log_msg}" }
  }

  # Specific to portal - move to databag.
  grok {
    match => { 
      "category" => "client-log", 
      "log_msg" => "session ID: %{WORD:session_id}, message: %{GREEDYDATA:client_msg}" 
    }
  }

  date {
    match => [ "timestamp" , "ISO8601" ]
  }
 }
	filter {
	grok {
	match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level}%{SPACE}\[%{NOTSPACE:thread_id}\]%{SPACE}\[%{DATA:user}\]%{SPACE}%{DATA:category}%{SPACE}- %{GREEDYDATA:log_msg}" }
	}

	# Specific to portal - move to databag.
	grok {
	match => {
	"category" => "client-log",
	"log_msg" => "session ID: %{WORD:session_id}, message: %{GREEDYDATA:client_msg}"
	}
	}

	date {
	match => [ "timestamp" , "ISO8601" ]
	}
	}