logstash_conf

9/11/2018 - 11:26 PM

input {
	  file {
		      path => "/tmp/*.log"
	}
}

filter {
	if [message] =~ /ERROR/ {
			mutate {
				copy => { "path" => "path_tmp" }
			}
			mutate {
				split => { "path_tmp" => "/" }
			}
	                mutate {
				 replace => { "message" => "%{[path_tmp][1]}_%{message}"  }
			}
			mutate {
				 remove_field => [ "path_tmp" ]
			}
	}
								    
}

output {
	  slack {
		      url => "https://hooks.slack.com/services/xx/xx/xx"
		          format => "[Test !] %{message}"
			    }
	    # stdout { codec => rubydebug }
}

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

logstash_conf