Skip to content

Instantly share code, notes, and snippets.

@objectiveSee
Created March 2, 2015 05:00
Show Gist options
  • Save objectiveSee/9d3c51edea493b85c120 to your computer and use it in GitHub Desktop.
Save objectiveSee/9d3c51edea493b85c120 to your computer and use it in GitHub Desktop.
## EVILBASE %{TIMESTAMP_ISO8601:pickles} - %{LOGLEVEL:level}:
grok {
match => { "message" => "%{EVILBASE}%{GREEDYDATA}" }
}
date {
match => [ "pickles" , "ISO8601" ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment