# Logstash pipeline: receive syslog-style events from Beats, normalise them,
# and ship them to a local Elasticsearch. Filter order matters: the drop and
# mutate stages run before grok, so dropped events never reach the parser.

input {
  # Beats listener bound to loopback only, so only shippers on this host can
  # connect. No ssl/certificate options are set in this block, so the
  # connection is plaintext -- acceptable on 127.0.0.1, not if the bind
  # address is ever widened.
  beats {
    host => "127.0.0.1"
    port => 5044
  }
}

filter {
  # Discard two syslog housekeeping lines that carry no event of their own.
  if [message] =~ /(last message repeated.*)|(logfile turned over)/ {
    drop {}
  }

  # Strip Beats bookkeeping fields and the input-codec tag before indexing.
  mutate {
    remove_field => [ "[beat][name]", "[prospector][type]", "offset", "source" ]
    remove_tag => "beats_input_codec_plain_applied"
  }

  # Parse the syslog header out of [message]; the timestamp goes to
  # [@metadata] (not indexed), the host to [logsource], and the remaining
  # text replaces [message] via overwrite. Events that do not match keep
  # their original [message] and get grok's default _grokparsefailure tag.
  if [message] {
    grok {
      match => [ "message", "%{SYSLOGTIMESTAMP:[@metadata][timestamp]} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}: %{GREEDYDATA:message}" ]
      overwrite => [ "message" ]
    }
  }

  # Set @timestamp from the parsed syslog time. The first two patterns have
  # no year or zone; no `timezone` option is set here, so the default zone
  # applies -- NOTE(review): confirm this matches the shippers' clocks.
  # Runs unconditionally, so events with no [@metadata][timestamp] (e.g. a
  # grok miss) get the date filter's parse-failure tag.
  date {
    match => [ "[@metadata][timestamp]", "MMM dd HH:mm:ss", "MMM d HH:mm:ss", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  # Plain-HTTP Elasticsearch on localhost; no user/password or TLS settings
  # appear in this block, so the cluster is assumed reachable without
  # credentials from this host.
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # Daily indices.
    index => "logstash-%{+YYYY.MM.dd}"
    # Index template installed at startup (ECS disabled, 7.x mapping);
    # overwrite is given as the string "true" rather than a bare boolean.
    template => "/etc/logstash/conf.d/templates/ecs-disabled/elasticsearch-7x.json"
    template_name => "logstash"
    template_overwrite => "true"
  }
}