Example log4j logstash configuration
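# Example Logstash (1.1.1) pipeline for log4j output: ingest over TCP or stdin,
# parse each line with grok, fix up the timestamp, fold unparsed lines into the
# preceding event, and store everything in an embedded Elasticsearch node.
#
# one way w/o web interface:
# java -jar lib/playbooks/servers/files/logstash-1.1.1-monolithic.jar agent -f lib/playbooks/servers/files/logstash.conf
# another with a web interface(http://localhost:9292) :
# java -jar lib/playbooks/servers/files/logstash-1.1.1-monolithic.jar agent -f lib/playbooks/servers/files/logstash.conf -- web --backend 'elasticsearch:///?local'
# nc localhost 3333 < logfile
#
# When you are all done, you can delete the 'data' folder to delete the database.
input {
  tcp {
    type => "log4j"
    port => 3333
    # The listener accepts unauthenticated input and every usage example above
    # sends from localhost, so bind to the loopback interface instead of the
    # plugin's default of all interfaces. Widen this deliberately (and only
    # then) if remote hosts have to ship logs into this instance.
    host => "127.0.0.1"
  }
  stdin {
    type => "log4j"
  }
}
filter {
  # Split one log4j line into severity / category / timestamp / thread / message.
  # GNDATE is not a stock grok pattern; it must be supplied by a file in patterns_dir.
  # Lines that do not match are tagged "_grokparsefailure" by grok and handled below.
  grok {
    type => "log4j"
    pattern => "%{LOGLEVEL:severity}\s+%{WORD:category} *-* *%{GNDATE:timestamp} \[\w+\[%{GREEDYDATA:thread},.*\]\] %{GREEDYDATA:message}"
    patterns_dir => "lib/playbooks/servers/files/patterns"
    add_tag => "log4j"
  }
  # Use the parsed "timestamp" field as the event time (12-hour clock with AM/PM
  # and a zone offset); events grok could not parse have no such field and are skipped.
  date {
    type => "log4j"
    timestamp => "MM-dd-yyyy hh:mm:ss.SSS a Z"
    exclude_tags => "_grokparsefailure"
  }
  # Catches normal space indented type things, probably could be removed b/c the other multiline should do everything we need
  # Only events that failed grok (stack traces, continuation lines) are folded
  # into the previous event, so already-parsed lines are never merged.
  multiline {
    type => "log4j"
    tags => ["_grokparsefailure"] # exclude anything we already handled
    pattern => ".*"
    what => "previous"
    add_tag => "notgrok"
  }
}
output {
  # In-process Elasticsearch for local experimentation; its index lives in the
  # 'data' folder mentioned above.
  # NOTE(review): an embedded node may still open Elasticsearch's own network
  # ports — confirm before running this on a shared host.
  elasticsearch { embedded => true }
}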