--- inputs: all: - amqp://activemq/topic/logstash-events linux-syslog: - /var/log/messages - /var/log/kern.log - /var/log/auth.log - /var/log/user.log apache-access: - /var/log/apache2/access.log apache-error: - /var/log/apache2/error.log filters: - grok: linux-syslog: # for logs of type 'linux-syslog' patterns: - %{SYSLOGLINE} apache-access: # for logs of type 'apache-error' patterns: - %{COMBINEDAPACHELOG} nagios: patterns: - %{NAGIOSLOGLINE} - date: linux-syslog: # for logs of type 'linux-syslog' # Look for a field 'timestamp' with this format, parse and it for the timestamp # This field comes from the SYSLOGLINE pattern timestamp: "%b %e %H:%M:%S" timestamp8601: ISO8601 apache-access: timestamp: "%d/%b/%Y:%H:%M:%S %Z" nagios: epochtime: %s outputs: - stdout:/// #- elasticsearch://localhost:9200/logstash/all - "elasticsearch://localhost:9200/logstash/all_river?method=river&type=rabbitmq&host=activemq&user=guest&pass=guest&vhost=/&queue=es"