# Listeners that accept events into the pipeline.
# NOTE(review): no listener below sets TLS or client-authentication options, so
# any host that can reach these ports can submit events. Limit exposure at the
# network layer or enable the plugins' TLS settings outside a trusted network.
input {
  # Events shipped by Elastic Beats agents.
  beats {
    port => 5044
  }

  # Newline-delimited JSON documents over a TCP stream.
  tcp {
    codec => json_lines
    port  => 5000
  }

  # JSON over UDP datagrams, on the same port number as the TCP listener.
  # NOTE(review): json_lines is a stream codec that emits an event only when it
  # sees a newline. Confirm every sender terminates each document with "\n";
  # for one-document-per-datagram senders the `json` codec is the usual choice.
  udp {
    codec => json_lines
    port  => 5000
  }
}
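# Parses events according to [fields][log_type], a value supplied by the sender,
# then sets @timestamp from the extracted "timestamp" field.
filter {
  # Syslog lines: split off the leading timestamp and keep the rest as the message.
  if [fields][log_type] == "syslog" {
    grok {
      match     => { "message" => "%{SYSLOGTIMESTAMP:timestamp} %{GREEDYDATA:message}" }
      # Without overwrite, grok appends the capture to the existing field and
      # "message" becomes an array holding both the raw line and the remainder.
      overwrite => [ "message" ]
    }
  }

  # Apache combined access log lines; the pattern also emits a "timestamp" field.
  if [fields][log_type] == "apache" {
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }

  # Runs for every event that carries a "timestamp" field. Values that match none
  # of the formats are tagged _dateparsefailure and keep their ingest-time @timestamp.
  date {
    match => [
      "timestamp",
      "MMM d HH:mm:ss",
      "MMM dd HH:mm:ss",
      # Classic syslog pads single-digit days with a second space ("Feb  5 ...").
      "MMM  d HH:mm:ss",
      # Format of the timestamp extracted by COMBINEDAPACHELOG; without it every
      # apache event fails date parsing.
      "dd/MMM/yyyy:HH:mm:ss Z"
    ]
  }
}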
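# Ships events to Elasticsearch and echoes them to stdout.
# Connection settings come from environment variables:
#   ELASTICSEARCH_HOSTS    - falls back to http://elasticsearch:9200. The fallback is
#                            plain HTTP, so credentials and events travel unencrypted
#                            unless the variable points at an https:// endpoint.
#   ELASTICSEARCH_USERNAME / ELASTICSEARCH_PASSWORD - default to empty strings when unset.
output {
  if [@metadata][beat] {
    # Events from the beats input: one index per beat name, beat version and day.
    elasticsearch {
      hosts    => ["${ELASTICSEARCH_HOSTS:http://elasticsearch:9200}"]
      index    => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      user     => "${ELASTICSEARCH_USERNAME:}"
      password => "${ELASTICSEARCH_PASSWORD:}"
    }
  } else {
    # Events from the tcp/udp inputs carry no [@metadata][beat]; the beat-based
    # index name would be left unresolved as a literal "%{[@metadata][beat]}-..."
    # string, so these events get a fixed daily index instead.
    elasticsearch {
      hosts    => ["${ELASTICSEARCH_HOSTS:http://elasticsearch:9200}"]
      index    => "logstash-%{+YYYY.MM.dd}"
      user     => "${ELASTICSEARCH_USERNAME:}"
      password => "${ELASTICSEARCH_PASSWORD:}"
    }
  }

  # Prints every full event to Logstash's stdout, so event contents also land in
  # the process/container log. NOTE(review): intended for debugging; consider
  # removing it where the shipped logs may contain sensitive data.
  stdout {
    codec => rubydebug
  }
}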