etc/prod.yaml in logstash-lite-0.2.20101119183130 vs etc/prod.yaml in logstash-lite-0.2.20101120021802
- old
+ new
@@ -9,10 +9,12 @@
- /var/log/user.log
apache-access:
- /var/log/apache2/access.log
apache-error:
- /var/log/apache2/error.log
+ testing:
+ - /tmp/logstashtest.log
filters:
- grok:
linux-syslog: # for logs of type 'linux-syslog'
patterns:
- %{SYSLOGLINE}
@@ -20,19 +22,32 @@
patterns:
- %{COMBINEDAPACHELOG}
nagios:
patterns:
- %{NAGIOSLOGLINE}
+ loggly:
+ patterns:
+ - %{JAVASTACKTRACEPART}
+ testing:
+ patterns:
+ - %{JAVASTACKTRACEPART}
- date:
linux-syslog: # for logs of type 'linux-syslog'
# Look for a field 'timestamp' with this format, parse and it for the timestamp
# This field comes from the SYSLOGLINE pattern
timestamp: "%b %e %H:%M:%S"
timestamp8601: ISO8601
apache-access:
timestamp: "%d/%b/%Y:%H:%M:%S %Z"
nagios:
epochtime: %s
+- multiline:
+ supervisorlogs:
+ pattern: ^\s
+ what: previous
+ testing:
+ pattern: ^\s
+ what: previous
outputs:
- stdout:///
#- elasticsearch://localhost:9200/logstash/all
- "elasticsearch://localhost:9200/logstash/all_river?method=river&type=rabbitmq&host=activemq&user=guest&pass=guest&vhost=/&queue=es"