# Read the log files written under /data.
input {
  file {
    # Glob: every *.log file directly under /data is tailed.
    path => ["/data/*.log"]
    # Read files from their first line instead of only new lines.
    # This only affects files the plugin has not already recorded a
    # read position for.
    start_position => "beginning"
  }
}
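# Classify each log line as either a traffic-speed update or an HTTP request.
# Lines that match neither pattern keep the _grokparsefailure tag so they can
# be found and reviewed.
filter {

  # First attempt: the "Used N speeds ..." status line. On a match the event
  # gets subType=traffic-speed-update; on a miss grok tags the event with
  # _grokparsefailure.
  grok {
    match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp} UTC\] \[%{LOGLEVEL:log-level}\] Used %{NUMBER:lua-speed-items} speeds from LUA profile or input map" }
    add_field => { "subType" => "traffic-speed-update" }
  }

  # Second attempt, only for lines the first pattern rejected: the request
  # line (date, time, duration, client IP, user agent, status code, URI path).
  if "_grokparsefailure" in [tags] {
    grok {
      # request-ip, user-agent and uri are copied from the logged request and
      # are client-controlled; treat them as untrusted wherever they are
      # rendered or used in alert logic.
      match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp} UTC\]\s\[%{LOGLEVEL:log-level}\]\s%{DATE_EU:request-date}\s%{TIME:request-time}\s%{DATA:response_duration}\s%{IP:request-ip}\s\W\s(?<user-agent>.+?(?=\s\d{3}\s))\s(?<response-code>\d{3})\s%{URIPATH:uri}" }
      add_tag => ["request"]
      # The failure tag set by the first grok is not cleared by a later
      # successful match. Drop it here so that _grokparsefailure only marks
      # lines that matched neither pattern.
      remove_tag => ["_grokparsefailure"]
    }
  }
}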
## Add your filters / logstash plugins configuration here
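# Ship parsed events to the "osrm" index in Elasticsearch.
output {
  elasticsearch {
    # No scheme is given, so the connection is plain HTTP and the credentials
    # below cross the network unencrypted. Prefer an https:// endpoint with
    # certificate verification where the cluster supports it.
    hosts => "elasticsearch:9200"

    # Credentials are resolved at startup from the environment or the Logstash
    # keystore rather than stored in this file. The variable names are chosen
    # for this config; adjust them to your deployment.
    # "elastic" is the built-in superuser and is kept only as a fallback;
    # prefer a dedicated account limited to writing to the "osrm" index.
    user => "${LOGSTASH_ES_USER:elastic}"
    # No default on purpose: Logstash refuses to start if the secret is
    # missing, rather than silently using the well-known "changeme" password.
    password => "${LOGSTASH_ES_PASSWORD}"

    index => "osrm"
  }
}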