nisham22
10/6/2017 - 9:20 AM

Logstash

Logstash

# NOTE(review): sudo runs the whole Logstash JVM, and every plugin the pipeline loads, as root.
# A dedicated unprivileged account with read access to the inputs is the safer default.
# stdout and stderr both go to /dev/null, so startup and config errors are not visible from this shell.
sudo nohup ./bin/logstash -f configFiles/auto/flexott-automated.conf >/dev/null 2>&1 &

Run Logstash in debug mode

# Debug-level logging can print full event contents, so do not leave it on for pipelines that carry sensitive data.
# NOTE(review): --debug is the older spelling; Logstash 5.x and later use --log.level=debug. Confirm against the installed version.
./bin/logstash -f fileName.conf --debug

Run logstash with nohup

# With no redirection, nohup appends stdout/stderr to ./nohup.out (or $HOME/nohup.out if the current directory is not writable).
# If the pipeline has a stdout output enabled, event data ends up in that file, so check its permissions and growth.
nohup ./bin/logstash -f fileName.conf &

Background process without nohup.out

# Discards stdout and stderr so no nohup.out is created; errors printed to the console are lost as well.
nohup ./bin/logstash -f file.conf >/dev/null 2>&1 &
# Pipeline: read a "|||"-delimited file, turn the tag column into an array of
# tag names, drop Logstash bookkeeping fields, and index into Elasticsearch.
input {

  file {
    path => "/Users/vineeth/Logstash/data.csv"
    # Read from the top of the file instead of tailing it. The file input only
    # honours this for files it has no sincedb record for.
    start_position => "beginning"
    # Read offsets are persisted here; remove this file to force a full re-read.
    sincedb_path => "/Users/vineeth/Logstash/.vm.aaccess.sincedb"
    # Decode the file as ISO-8859-15 rather than the default UTF-8.
    codec => plain {
      charset => "ISO-8859-15"
    }
    # This label is removed again by the last mutate in the filter section.
    type => axis_camera_access_log
  }

}


filter {

    # Split each line into two columns on the literal "|||" separator.
    # NOTE(review): quote_char "_" presumably keeps double quotes in the text
    # from being treated as CSV quoting; confirm "_" cannot start a field.
    csv {
        source => "message"
        columns => [ "text" , "tagsText"]
        separator => "|||"
        quote_char => "_"
    }
      # "<a><b><c>" becomes ["<a", "b", "c>"].
      mutate {
             split => { "tagsText" => "><" }
      }
    # Strip the remaining angle brackets from the tag values.
    # The three mutate blocks are kept separate on purpose: a single mutate
    # applies its operations in a fixed internal order, not in written order.
    mutate {
            gsub => [
              "tagsText", "<", "",
              "tagsText", ">", ""
            ]
      }
    # Remove Logstash bookkeeping fields before indexing.
    # NOTE(review): "message" is removed here too, so a line the csv filter
    # could not parse is indexed without its original content. Route
    # parse-failure events elsewhere if they need to be investigated.
    mutate {
          remove_field => [ "path" , "@version" , "@timestamp" , "host" , "message" , "type" ]
    }
}

output {

#stdout { codec => "rubydebug"  }

# NOTE(review): no credentials or TLS options are set. That only works against
# a node without security enabled, so keep such a node bound to loopback.
elasticsearch { 
    index=> "stackoverflow"   
    hosts => ["localhost:9200"] 
}

}
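# Pipeline: copy documents from one Elasticsearch index into another on the
# same node.
input {
  # Read documents from the source index. No `query` is set here, so the
  # plugin's default query is used.
  # NOTE(review): this connection crosses the network to 10.20.0.10 with no
  # credentials or TLS options set. If the cluster has security enabled, add
  # the plugin's user/password and TLS settings here and in the output, and
  # keep the password out of the config file (keystore or environment variable).
  elasticsearch {
    hosts => "10.20.0.10"
    index => "syslog-oct-bu"
  }
}


output {
#  stdout {
#    codec => rubydebug
#  }

  elasticsearch {
    hosts => ["10.20.0.10:9200"]
    # Exactly one `index` setting. The destination must differ from the source
    # index read above, otherwise every document read is written back into the
    # index being scanned.
    # NOTE(review): no document_id is set, so Elasticsearch assigns new ids and
    # re-running this pipeline duplicates documents in the destination.
    index => "syslog-12f0895a4f4c4fdaacd5fcc81123ce73"
  }
}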
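ruby {
        # Store the MD5 hex digest of the "message" field in "message_hash".
        # Events with no "message" field are skipped instead of raising inside
        # the filter.
        # NOTE(review): MD5 is adequate as a de-duplication key for trusted
        # input but is not collision-resistant. If this hash becomes a
        # document id for logs an outside party can influence, use a SHA-2
        # digest. The stock fingerprint filter covers the same use case.
        code => '
            msg = event.get("message")
            event.set("message_hash", Digest::MD5.hexdigest(msg.to_s)) unless msg.nil?
        '
    }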
ruby {
                # Remove every top-level field whose value is nil.
                # The loop walks the hash returned by event.to_hash, not the
                # event itself, while fields are removed from the event.
                code => "
                        event.to_hash.each { |field, value| event.remove(field) if value.nil? }
                "
        }