@jmbataller
Last active May 19, 2016 13:56
Sample of logstash configuration file
Logstash config file for log4j2 pattern:
[%d{dd/MM/yyyy HH:mm:ss.SSS}][SERVICE_NAME][%-5level][%t]:[%X{correlation-id}][%c{1}.%M:%L] - %m%n
Run logstash:
> bin/logstash -f conf/logstash-syslog.conf --auto-reload
---
input {
  # Plain TCP listener: no TLS or client authentication is configured here.
  tcp {
    port => 5000
    type => services
    codec => multiline {
      # Grok pattern names are valid! :)
      # Any line that does not start with "[" is appended to the previous event.
      pattern => "^\["
      negate => true
      what => previous
    }
  }
  udp {
    port => 5000
    type => services
    codec => multiline {
      # Grok pattern names are valid! :)
      pattern => "^\["
      negate => true
      what => previous
    }
  }
  file {
    path => "./file.log"
    start_position => beginning
    type => services
    codec => multiline {
      # Grok pattern names are valid! :)
      pattern => "^\["
      negate => true
      what => previous
    }
  }
}
filter {
  if [type] == "services" {
    grok {
      patterns_dir => ["./patterns"]
      # One capture per bracketed field of the log4j2 pattern above.
      match => { "message" => "\[%{DATA:time}\]+\[%{DATA:application}\]+\[%{DATA:log_level}\]+\[%{DATA:thread}\]+:\[%{DATA:cid}\]+\[%{DATA:method}\]+ - %{GREEDYDATA:log_message}" }
    }
    date {
      # Parse the "time" field captured by grok, using the layout's
      # %d{dd/MM/yyyy HH:mm:ss.SSS} format. The grok above produces no
      # syslog_timestamp field, so matching on it never set @timestamp.
      match => [ "time", "dd/MM/yyyy HH:mm:ss.SSS" ]
    }
  }
}
output {
  # No credentials or TLS are configured for this output.
  elasticsearch { hosts => ["192.168.99.100:9200"] }
  stdout { codec => rubydebug }
}
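A way to check the multiline grouping and the grok expression offline before pointing services at the listener. This is an added example, not part of the original gist: Python's `re` stands in for grok, and the sample lines, `group_events` and `parse` are constructed for illustration.

```python
import re
from datetime import datetime

# Python regex standing in for the grok expression:
# %{DATA} is a lazy ".*?", %{GREEDYDATA} a greedy ".*" ('.' stops at a newline).
GROK = re.compile(
    r"\[(?P<time>.*?)\]+\[(?P<application>.*?)\]+\[(?P<log_level>.*?)\]+"
    r"\[(?P<thread>.*?)\]+:\[(?P<cid>.*?)\]+\[(?P<method>.*?)\]+ - (?P<log_message>.*)"
)

# Constructed sample lines in the log4j2 layout above (not real log data).
SAMPLE = [
    "[19/05/2016 13:56:01.123][SERVICE_NAME][INFO ][http-1]:[abc-123][OrderService.create:42] - order created",
    "[19/05/2016 13:56:02.456][SERVICE_NAME][ERROR][http-2]:[abc-124][OrderService.create:57] - save failed",
    "java.lang.IllegalStateException: no connection",
    "\tat OrderService.create(OrderService.java:57)",
]


def group_events(lines):
    """Mimic the multiline codec: a line not starting with '[' joins the previous event."""
    events = []
    for line in lines:
        if line.startswith("[") or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events


def parse(event):
    """Return the extracted fields, or None where Logstash would report a grok failure."""
    m = GROK.search(event)
    if m is None:
        return None
    fields = m.groupdict()
    # The layout's time format, dd/MM/yyyy HH:mm:ss.SSS, in strptime notation.
    fields["timestamp"] = datetime.strptime(fields["time"], "%d/%m/%Y %H:%M:%S.%f")
    return fields


if __name__ == "__main__":
    for event in group_events(SAMPLE):
        fields = parse(event)
        # log_level keeps the padding that %-5level adds ("INFO "), exactly as captured.
        print(repr(fields["log_level"]), fields["cid"], fields["timestamp"], fields["log_message"])
```

The stack trace stays in the grouped event text, but `log_message` ends at the first line break, and the level is captured with its padding, so an exact-match query on `INFO` would miss it unless the field is trimmed.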