Adding the ELK Code
[platform-oam.git] / elk-stack / logstash / pipeline / logstash.conf
# Beats listener: accepts events pushed by Beats shippers on TCP port 5000.
# NOTE(review): no TLS options are set on this input, so shippers connect in
# plaintext and any host that can reach the port can submit events. If the
# port is reachable from outside a trusted network segment, enable the beats
# input's TLS settings with client-certificate verification. The option names
# differ between plugin versions, so check the installed logstash-input-beats
# documentation.
input {
  beats {
    port => 5000
    # Incoming bytes are declared as Latin-1 and transcoded by the codec.
    # NOTE(review): confirm the shipped log files really are ISO-8859-1 and
    # not UTF-8, otherwise non-ASCII characters will be mangled.
    codec => plain {
      charset => "ISO-8859-1"
    }
  }
}
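# Parse the pipe-delimited application logs into structured fields, choosing
# the grok pattern from the name of the file the event was read from.
#
# Changes from the previous revision:
#   * The dot in each file-name test is escaped, so "access.log" no longer
#     also matches names such as "accessXlog".
#   * The multi-line tail capture uses [\s\S]* instead of (.|\r|\n)*. Both
#     accept any character including line breaks, but the character class
#     avoids a per-character alternation inside a star, which is costly on
#     long multi-line events such as stack traces.
#   * The tests are chained with "else if"; a path can end with only one of
#     the four names, so at most one branch ever applied.
#
# NOTE(review): [source] is assumed to hold the shipper-side file path.
# Confirm that the deployed Beats version populates this field.
# NOTE(review): the captured fields (userAgent, urlDefault, actualData, ...)
# come straight from log content, which may include request data supplied by
# clients. Treat them as untrusted in anything that renders or acts on them.
# Events that match no pattern are still forwarded; grok only tags them with
# _grokparsefailure, so monitor that tag to notice format drift.
filter {

  if [source] =~ /access\.log$/ {
    grok {
      # timestamp|module|userAgent|url|level||unstructured|  <multi-line data>
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\|%{WORD:moduleName}\|%{WORD:userAgent}\|%{NOTSPACE:urlDefault}\|%{LOGLEVEL:loglevel}\|\|%{GREEDYDATA:unstructured_data}\|%{SPACE}%{SPACE}(?<actualData>[\s\S]*)" }
    }
  }
  else if [source] =~ /application\.log$/ {
    grok {
      # timestamp|||app||||level||||||| <single-line data>
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\|\|\|%{NOTSPACE:app}\|\|\|\|%{LOGLEVEL:loglevel}\|\|\|\|\|\|\|%{SPACE}%{GREEDYDATA:actualData}" }
    }
  }
  else if [source] =~ /debug\.log$/ {
    grok {
      # timestamp|||app||||level||||| package|| <multi-line data>
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\|\|\|%{NOTSPACE:app}\|\|\|\|%{LOGLEVEL:loglevel}\|\|\|\|\|%{SPACE}%{GREEDYDATA:packageName}\|\|%{SPACE}(?<actualData>[\s\S]*)" }
    }
  }
  else if [source] =~ /error\.log$/ {
    grok {
      # Same layout as debug.log.
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\|\|\|%{NOTSPACE:app}\|\|\|\|%{LOGLEVEL:loglevel}\|\|\|\|\|%{SPACE}%{GREEDYDATA:packageName}\|\|%{SPACE}(?<actualData>[\s\S]*)" }
    }
  }

}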
# Forward every event to the Elasticsearch node at elasticsearch:9200. No
# index is named, so the plugin's default index naming applies.
# NOTE(review): no credentials or TLS options are configured, so this link
# depends entirely on network isolation between Logstash and Elasticsearch.
# If Elasticsearch security is enabled, or the connection leaves a trusted
# network, set the output's `user` / `password` options (preferably resolved
# from the Logstash keystore rather than written in this file) together with
# its TLS settings.
output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
  }
}