vpnwall-services/LOGSTASH-101.md

Last active April 21, 2024 21:29

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/vpnwall-services/a1255abd95bbd68a2fcfc235406fba51.js"></script>
Save vpnwall-services/a1255abd95bbd68a2fcfc235406fba51 to your computer and use it in GitHub Desktop.

Download ZIP

[LOGSTASH 101] Logstash 101 #logstash #linux #debian

Raw

LOGSTASH-101.md

LOGSTASH 101

Debug pipeline:

input {
  pipeline {
    address => apache2
  }
}

filter {

  grok {
    match => { "message" => '\*\*(?<response_time>[^/]+)%{DATA:after_double_star}\*\*' }
  }

   grok {
       match => [
           "message" , "%{COMBINEDAPACHELOG}"
       ]
   }
  if [response_time] {
    mutate {
      convert => { "response_time" => "integer" }
    }
  }
}

output {
    elasticsearch {
        hosts => [ 'localhost:9200' ]
        index => "apache2-%{+YYYY-MM-dd}"
    }
  if [host][hostname] == 'xxxxxx-xxxxxx' {
    file {
      path => "/tmp/debug.log"
      codec => rubydebug
    }
  }
}