Created
May 27, 2014 12:18
filters
[27-May-2014 14:10:18] WARNING: [pool rebuy] child 3963 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught exception 'Exception' with message 'test exception' in /foo/htdocs/index.php:4" |
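# Parse PHP error_log and PHP-FPM log events into structured fields.
# Events are selected by the [type] set on the input (not shown on this page).
# Custom grok patterns (PHPERRORLOG, PHPFPMERRORLOG, PHPNOTCOLON) are loaded
# from /etc/logstash/patterns/.
#
# NOTE(review): short_message carries raw exception text from the application.
# Exception messages can include query fragments, file paths or connection
# details, so treat the destination index as sensitive and restrict who can
# read it.
filter {
  if [type] == "php-log" {
    mutate {
      add_field => { "facility" => "php" }
    }
    # Any line that does not start with "[" is appended to the previous event,
    # which keeps stack traces attached to the entry that produced them.
    # A continuation line that itself begins with "[" starts a new event.
    # NOTE(review): later Logstash releases dropped the multiline filter in
    # favour of the multiline codec on the input, because a filter cannot
    # reliably keep lines from different sources apart. Confirm which applies
    # to the deployed version.
    multiline {
      pattern => "^\["
      what => "previous"
      negate => true
    }
    grok {
      patterns_dir => [ "/etc/logstash/patterns/" ]
      match => { "message" => "%{PHPERRORLOG}" }
    }
    # The grok pattern captures the zone name into a separate "timezone" field,
    # so "timestamp" never contains a zone here.
    # NOTE(review): without a zone the date filter interprets the value in the
    # Logstash host's local zone unless its `timezone` option is set. Confirm
    # the PHP hosts and the Logstash host agree, otherwise @timestamp is
    # shifted and cross-host timelines will not line up.
    date {
      match => ["timestamp", "dd-MMM-yyyy HH:mm:ss Z", "dd-MMM-yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss yyyy" ]
    }
  }
  if [type] == "php-fpm-log" {
    mutate {
      add_field => { "facility" => "php-fpm" }
    }
    # First pass: split the FPM wrapper and the embedded PHP message.
    # "path" is overwritten with the script path taken from the message.
    grok {
      patterns_dir => [ "/etc/logstash/patterns/" ]
      match => [
        "message", "%{PHPFPMERRORLOG}"
      ]
      overwrite => [ "path" ]
    }
    # Second pass: pull the line number out of a "file.php:N" style path.
    # Messages in the "... in file.php on line N" form have no ":N" suffix and
    # already got "line" from the first pass; a miss here is expected, so it
    # must not tag the event with _grokparsefailure.
    # NOTE(review): "path" keeps its ":N" suffix after this step. Confirm that
    # is intended.
    grok {
      patterns_dir => [ "/etc/logstash/patterns/" ]
      match => [
        "path", "%{PHPNOTCOLON}:%{NUMBER:line}"
      ]
      overwrite => [ "line" ]
      tag_on_failure => [ ]
    }
    # Same zone caveat as the php-log branch: "timestamp" carries no zone.
    date {
      match => ["timestamp", "dd-MMM-yyyy HH:mm:ss Z", "dd-MMM-yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss yyyy" ]
    }
  }
}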
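# Grok patterns for PHP error_log and PHP-FPM log lines.
# Any run of characters up to (not including) the next colon.
PHPNOTCOLON [^:]*
# "27-May-2014 14:10:18" or "2014-05-27T14:10:18" style date and time, without zone.
PHPLOGTIMESTAMP (%{MONTHDAY}-%{MONTH}-%{YEAR}|%{YEAR}-%{MONTHNUM}-%{MONTHDAY})[T ]%{HOUR}:%{MINUTE}:%{SECOND}
# Zone token inside the brackets. The third alternative accepts region/city names
# with underscores, digits, +/- and more than one slash (America/New_York,
# America/Argentina/Buenos_Aires, Etc/GMT+5); the letters-only form rejected
# those and made the whole line fail to parse.
PHPTZ ([0-9]+Z|[A-Z]+|[A-Za-z_]+(?:/[A-Za-z0-9_+-]+)+)
# Bracketed timestamp; the zone, when present, is captured separately as "timezone".
PHPTIMESTAMP \[%{PHPLOGTIMESTAMP:timestamp}(?:\s+%{PHPTZ:timezone}|)\]
# "PHP Fatal error", "PHP Warning", ... -> severity holds the text after "PHP".
PHPSEVERITY PHP%{SPACE}%{PHPNOTCOLON:severity}
PHPFPMPOOL \[pool %{WORD:pool}\]
PHPFPMCHILD child %{NUMBER:childid}
PHPFPMSTREAM said into %{WORD:stream}:
# GREEDYDATA, not DATA: a lazy capture at the very end of an unanchored pattern
# matches the empty string, so short_message was never populated.
# GREEDYDATA stops at the first newline, so for a multi-line event this keeps the
# first line only.
PHPERRORLOG %{PHPTIMESTAMP} %{PHPSEVERITY}:{0,1} %{GREEDYDATA:short_message}
# FPM wrapper around a PHP message. The optional tail handles "on line N";
# the "file.php:N" form is left inside "path".
PHPFPMERRORLOG %{PHPTIMESTAMP} %{WORD}: %{PHPFPMPOOL} %{PHPFPMCHILD} %{PHPFPMSTREAM} "%{WORD}: PHP message: %{PHPSEVERITY}:{0,1}:%{SPACE}%{DATA:short_message} in %{PATH:path}( on line %{NUMBER:line})?"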