-
Notifications
You must be signed in to change notification settings - Fork 2
/
logstash.conf
47 lines (44 loc) · 948 Bytes
/
logstash.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
input {
file {
type => "wd"
path => ["/usr/sap/webdispatcher/access*"]
start_position => "beginning"
codec => plain {
charset => "ISO-8859-1"
}
}
}
filter {
if [type] == "wd" {
grok {
patterns_dir => "./patterns"
match => { "message" => "%{WEBDISPATCHER}" }
}
date {
match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
}
mutate {
convert => [ "bytes", "integer" ]
convert => [ "duration", "integer" ]
}
metrics {
meter => "events"
add_tag => "metric"
}
}
}
output {
elasticsearch {
host => localhost
index => "wd"
index_type => "logs"
protocol => "http"
}
if "metric" in [tags] {
stdout {
codec => line {
format => "Rate: %{events.rate_1m} and count %{events.count}"
}
}
}
}