TC_ELK

3/8/2019 - 9:31 AM

input {
  beats {
    client_inactivity_timeout => 120
    tags => "tc"
    port => 5055
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

filter {
 grok {
        match => {
                "message" => "%{TIMESTAMP_ISO8601} (?<correlation>[0-9a-z\-]+) %{WORD:level}([ ]+)([\[\]a-z \(\)\-0-9:\.]+)([A-Z]+)([ 0-9]+) --- ([\[a-z \-0-9]+)\] (?<class>[a-zA-Z\.]+)([ ]+): (?<category>[a-zA-Z\.\/\{\}]+) execution time: (?<execution_time>[0-9]+)"


overwrite => [ "message" ]

    }

     mutate {
        convert => { "execution_time" => "integer"}
    }

}

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

lock TC_ELK

TC_ELK