td-agent.conf

### install td-agent
wget https://toolbelt.treasuredata.com/sh/install-redhat-td-agent3.sh
chmod +x install-redhat-td-agent3.sh
./install-redhat-td-agent3.sh
chkconfig td-agent on
/usr/sbin/td-agent-gem install fluent-plugin-ua-parser
service td-agent start



### Client (Sender)
# /etc/td-agent/td-agent.conf
<source>
  type tail
  path /var/log/httpd/access_log
  pos_file /var/log/td-agent/access_log.pos
  #format apache2
  format /^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?/
  time_format %d/%b/%Y:%H:%M:%S %z
  tag apache.access.dev
</source>

<filter apache.access.dev>
  @type grep
  <exclude>
    key agent
    pattern /^ELB/
  </exclude>
</filter>

<filter apache.access.dev>
  @type record_transformer
  <record>
    env_name "dev"
    tag_name ${tag}
  </record>
</filter>

<match apache.access.dev>
  @type forward

  flush_interval 3s

  <server>
    name log_server
    host xx.xx.xx.xx   # CHANGE HERE
    port 24224
  </server>
</match>



### Server (Receiver)
<match apache.access.dev>
  type elasticsearch
  host localhost
  port 9200
  type_name access_log
  logstash_format true
  flush_interval 10s
</match>