Created
March 1, 2018 19:47
-
-
Save sametsazak/e8dba39e37b6c0c3c1307ff65e5a4a3b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| tcp { | |
| port => 5000 | |
| type => syslog | |
| } | |
| } | |
| filter { | |
| if [type] == "syslog" { | |
| grok { | |
| match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" } | |
| add_field => [ "received_at", "%{@timestamp}" ] | |
| add_field => [ "received_from", "%{host}" ] | |
| } | |
| date { | |
| match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] | |
| } | |
| } | |
| } | |
| output { | |
| if [type] == "syslog" { | |
| stdout { codec => rubydebug } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment