00-hekad.toml

[hekad]
maxprocs = 8

[TcpInput]
splitter = "HekaFramingSplitter"
decoder = "ProtobufDecoder"
address = ":5565"

# [StatAccumInput]

[Dashboard]
type = "DashboardOutput"
address = ":4352"
ticker_interval = 15
[TestWebserver]
type = "LogstreamerInput"
log_directory = "/var/log/nginx"
file_match = 'access\.log'
decoder = "CombinedLogDecoder"

[CombinedLogDecoder]
type = "SandboxDecoder"
filename = "lua_decoders/nginx_access.lua"

[CombinedLogDecoder.config]
type = "combined"
user_agent_transform = true
# combined log format
log_format = '$remote_addr - $remote_user [$time_local] $server_port $ssl_protocol/$ssl_cipher $upstream_addr "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" -- [$request_time]'

[ESJsonEncoder]
index = "%{Type}-%{%Y.%m.%d}"
es_index_from_timestamp = true
type_name = "%{Type}"
    [ESJsonEncoder.field_mappings]
    Timestamp = "@timestamp"
    Severity = "level"

[ElasticSearchOutput]
server = "http://10.90.17.241:9200"
flush_interval = 5000
flush_count = 10
encoder = "ESJsonEncoder"
message_matcher = "Type != 'sync.log'"