# Tail the Cambria server log and ship each log record as one event.
input {
  file {
    type => "cambria"

    # "${CAMBRIA_SERVER_LOG}" is a placeholder; how it is substituted (environment
    # variable or staging-time templating) is not visible in this file.
    path => "${CAMBRIA_SERVER_LOG}"

    # Applies only to files with no sincedb entry yet: read them from the first byte.
    start_position => "beginning"

    # Read offsets are persisted here. If this file is lost or replaced, the log is
    # re-read from the beginning and events are indexed a second time.
    # NOTE(review): keep this path writable by the Logstash account only.
    sincedb_path => "/opt/app/logstash/conf_stage/.sincedb_cambria"

    # A record starts with "[<year>-<month>-<day> <time>]". With negate + "previous",
    # every line that does NOT start that way (stack traces, wrapped text) is appended
    # to the event before it. Any line that does start with a timestamp-shaped prefix
    # opens a new event, so event boundaries are only as trustworthy as the text the
    # application writes to its log.
    codec => multiline {
      pattern => "^\[%{YEAR}-%{MONTH}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}\]"
      negate => "true"
      what => "previous"
    }
  }
}
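# Split Cambria events into structured fields and take the event time from the log line.
filter {
  if [type] == "cambria" {
    # Expected layout: [timestamp][logLevel][thread][class][id]rest-of-line
    # Events that do not match are tagged _grokparsefailure and get no "date" field,
    # so they keep the ingest-time @timestamp.
    # NOTE(review): the last capture is named "message", a field that already exists
    # on the event. With no "overwrite" setting grok adds the capture alongside the
    # original text rather than replacing it. Confirm that is the intended shape.
    grok {
      match => ["message", "\[(?<date>%{YEAR}-%{MONTH}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND})\]\[%{DATA:logLevel}\]\[%{DATA:thread}\]\[%{DATA:class}\]\[%{DATA:id}\]%{GREEDYDATA:message}"]
    }

    # The date filter uses Joda-Time pattern letters: "dd" is day-of-month, while "DD"
    # is day-of-year and produces a wrong @timestamp, which skews any timeline built
    # from these events.
    # The pattern expects a month name (MMM, matching %{MONTH} above), exactly one
    # space and comma-separated milliseconds. Lines that grok accepts but that deviate
    # from this are tagged _dateparsefailure.
    date {
      match => ["date", "YYYY-MMM-dd HH:mm:ss,SSS"]
    }
  }
}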
# Index Cambria events into Elasticsearch, one index per day.
output {
  if [type] == "cambria" {
    elasticsearch {
      # Daily index, named from the event's @timestamp.
      index => "cambria-%{+YYYY.MM.dd}"

      # "${ELASTICSEARCH_NODES}" is a placeholder filled in outside this file.
      # NOTE(review): this block sets no credentials and no TLS options, so log
      # content reaches the cluster with whatever protection the plugin defaults and
      # the network provide. Confirm access to these nodes is restricted.
      # "cluster"/"host" look like the option names of older releases of this plugin
      # (newer ones use "hosts"). Verify against the deployed version.
      host => "${ELASTICSEARCH_NODES}"
      cluster => "2020SA"
    }
  }
}