# Read the Apache access logs for each virtual host plus the default log.
# Every event from this input is stamped with type "apache-access-log", the
# value the filter stage tests before parsing.
#
# The Logstash process needs read access to these files. Grant it through
# group membership on the log directory rather than by running Logstash as
# root.
input {
  file {
    path => [
      "/var/log/apache2/example.com_access_log",
      "/var/log/apache2/domain.com_access_log",
      "/var/log/apache2/somesite.com_access_log",
      "/var/log/apache2/access.log"
    ]
    type => "apache-access-log"
  }
}
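# Parse Apache combined-format access lines and take the event time from
# the log line itself.
filter {
  if [type] == "apache-access-log" {
    # COMBINEDAPACHELOG is a stock grok pattern. It splits the raw line in
    # "message" into named fields (client address, timestamp, request,
    # response code, referrer, user agent, ...).
    #
    # The request, referrer and user-agent values are supplied by the
    # client. Treat them as untrusted wherever they are later rendered or
    # acted on.
    #
    # Lines that do not match are tagged "_grokparsefailure" and are still
    # forwarded. Keep them searchable: malformed requests are often the
    # ones worth reviewing.
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }

    # Overwrite @timestamp with the time Apache recorded, so timelines
    # reflect when the request happened rather than when Logstash read the
    # line. This sits inside the type check so it only applies to events
    # that went through the grok above; previously it ran on every event.
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}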
# logstash.conf
# Send every event to two destinations: the console and a local
# Elasticsearch cluster.
output {
  # Pretty-prints each full event to stdout. Useful while testing the
  # pipeline. Wherever stdout is captured, this writes a second copy of
  # every access-log line (client addresses, URLs, user agents), so that
  # destination needs the same access controls and retention as the logs.
  stdout {
    codec => rubydebug
  }

  # Both addresses are loopback, so traffic to Elasticsearch stays on this
  # machine. NOTE(review): Elasticsearch releases contemporary with these
  # option names are believed to ship without built-in authentication.
  # Confirm the Elasticsearch node is itself bound to 127.0.0.1, or
  # firewalled, before relying on this.
  elasticsearch {
    host => "127.0.0.1"
    cluster => "elasticsearch"
    bind_host => "127.0.0.1"
  }
}