-
-
Save oksuz/f8450b5a76f9949ab70a to your computer and use it in GitHub Desktop.
filters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [27-May-2014 14:10:18] WARNING: [pool rebuy] child 3963 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught exception 'Exception' with message 'test exception' in /foo/htdocs/index.php:4" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| if [type] == "php-log" { | |
| mutate { | |
| add_field => { "facility" => "php" } | |
| } | |
| multiline { | |
| pattern => "^\[" | |
| what => "previous" | |
| negate => true | |
| } | |
| grok { | |
| patterns_dir => [ "/etc/logstash/patterns/" ] | |
| match => { "message" => "%{PHPERRORLOG}" } | |
| } | |
| date { | |
| match => ["timestamp", "dd-MMM-yyyy HH:mm:ss Z", "dd-MMM-yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss yyyy" ] | |
| } | |
| } | |
| if [type] == "php-fpm-log" { | |
| mutate { | |
| add_field => { "facility" => "php-fpm" } | |
| } | |
| grok { | |
| patterns_dir => [ "/etc/logstash/patterns/" ] | |
| match => [ | |
| "message", "%{PHPFPMERRORLOG}" | |
| ] | |
| overwrite => [ "path" ] | |
| } | |
| grok { | |
| patterns_dir => [ "/etc/logstash/patterns/" ] | |
| match => [ | |
| "path", "%{PHPNOTCOLON}:%{NUMBER:line}" | |
| ] | |
| overwrite => [ "line" ] | |
| } | |
| date { | |
| match => ["timestamp", "dd-MMM-yyyy HH:mm:ss Z", "dd-MMM-yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss yyyy" ] | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PHPNOTCOLON [^:]* | |
| PHPLOGTIMESTAMP (%{MONTHDAY}-%{MONTH}-%{YEAR}|%{YEAR}-%{MONTHNUM}-%{MONTHDAY})[T ]%{HOUR}:%{MINUTE}:%{SECOND} | |
| PHPTZ ([0-9]+Z|[A-Z]+|[A-Za-z]+/[A-Za-z]+) | |
| PHPTIMESTAMP \[%{PHPLOGTIMESTAMP:timestamp}(?:\s+%{PHPTZ:timezone}|)\] | |
| PHPSEVERITY PHP%{SPACE}%{PHPNOTCOLON:severity} | |
| PHPFPMPOOL \[pool %{WORD:pool}\] | |
| PHPFPMCHILD child %{NUMBER:childid} | |
| PHPFPMSTREAM said into %{WORD:stream}: | |
| PHPERRORLOG %{PHPTIMESTAMP} %{PHPSEVERITY}:{0,1} %{DATA:short_message} | |
| PHPFPMERRORLOG %{PHPTIMESTAMP} %{WORD}: %{PHPFPMPOOL} %{PHPFPMCHILD} %{PHPFPMSTREAM} "%{WORD}: PHP message: %{PHPSEVERITY}:{0,1}:%{SPACE}%{DATA:short_message} in %{PATH:path}( on line %{NUMBER:line})?" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment