rfay · July 23, 2013 18:44
diff --git a/gistfile1.txt b/gistfile1.txt
  grok {
    tags => [ "Drupal" ]
    match => [ "@message", "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} *drupal: *https?://%{HOSTNAME:drupal_vhost}\|(?<drupal_full_message>.*)" ]
  }

  csv {
    tags => [ "Drupal" ]
    separator => "|"
    source => "@fields.drupal_full_message"
    columns => [ "drupal_timestamp", "drupal_type", "drupal_client_ip", "drupal_request_uri", "drupal_referrer", "drupal_severity", "drupal_message" ]
  }
	grok {
	tags => [ "Drupal" ]
	match => [ "@message", "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} drupal: https?://%{HOSTNAME:drupal_vhost}\\|(?<drupal_full_message>.*)" ]
	}

	csv {
	tags => [ "Drupal" ]
	separator => "\|"
	source => "@fields.drupal_full_message"
	columns => [ "drupal_timestamp", "drupal_type", "drupal_client_ip", "drupal_request_uri", "drupal_referrer", "drupal_severity", "drupal_message" ]
	}