logstash config for maxscale 2.1+

logstash.conf

input {
  tcp {
    port => 5000
    type => syslog
  }
  file {
    start_position => "beginning"
    path => "/var/log/maxscale/maxscale.log"
    type => "maxscale"
  }
}

filter {
  if [type] == "maxscale" {
    date {
      match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
    }
    grok {
      match => {"message" => '%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Added server \'%{WORD:server_name}\' to monitor \'%{WORD:monitor_name}\''}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Removed server '%{WORD:server_name}' from monitor '%{WORD:monitor_name}'"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Added server '%{WORD:server_name}' to service '%{WORD:service_name}'"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Removed server '%{WORD:server_name}' from service '%{WORD:service_name}'"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Created server '%{WORD:server_name}' at %{IPORHOST:address}:%{POSINT:port}"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Destroyed server '%{WORD:server_name}' at %{IPORHOST:address}:%{POSINT:port}"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Server changed state: %{WORD:server_name}\[%{IPORHOST:address}:%{POSINT:port}\]:%{SPACE}%{DATA}\.%{SPACE}\[%{GREEDYDATA:previous_state}\] -> \[%{GREEDYDATA:state}\]"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Created monitor '%{WORD:monitor_name}'"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Destroyed monitor '%{WORD:monitor_name}'\. The monitor will be removed after the next restart of MaxScale."}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Created listener '%{WORD:listener_name}' at %{IPORHOST:address}:%{POSINT:port} for service '%{WORD:service_name}'"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Destroyed listener '%{WORD:listener_name}' for service '%{WORD:service_name}'. The listener will be removed after the next restart of MaxScale."}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}\[%{WORD:listener_name}\] Initializing statement-based read/write split router module."}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE} Loaded module %{WORD:module_name}:%{SPACE}V%{INT:version_major}\.%{INT:version_minor}\.%{INT:version_patch} from %{PATH:module_path}"}
      match => {"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}%{SPACE}%{LOGLEVEL:severity}%{SPACE}:%{SPACE}Listening connections at %{IPORHOST:address}:%{POSINT:port} with protocol %{WORD:protocol}"}
    }
  }
}


## Add your filters / logstash plugins configuration here

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
    user => "elastic"
    password => "changeme"
  }
}