nagetsum/logstash-jboss-eap-accesslog.conf

## logstash-jboss-eap-accesslog.conf
input {
  stdin { }
}

filter {
  grok {
    match => { "message" => "%{IPORHOST:clientip} %{DATA:ident} %{DATA:auth} \[(?<timestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{DATA})\] \"%{WORD:verb} %{NOTSPACE:request} HTTP\/%{NUMBER:httpversion}\" %{NUMBER:response} (?:%{DATA:bytes}|-) %{QS:referer} %{QS:agent} %{QS:cookie} (?:\"\[%{GREEDYDATA:setcookie}\]\"|%{QS:setcookie}) %{DATA:sessionid} %{QS:threadname} %{NUMBER:durationsec}" }
  }

  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }

  mutate {
    convert => {
      "duration_microsec" => "integer"
    }
  }
}

output {
  elasticsearch {}
  stdout {}
}
	input {
	stdin { }
	}

	filter {
	grok {
	match => { "message" => "%{IPORHOST:clientip} %{DATA:ident} %{DATA:auth} \[(?<timestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{DATA})\] \"%{WORD:verb} %{NOTSPACE:request} HTTP\/%{NUMBER:httpversion}\" %{NUMBER:response} (?:%{DATA:bytes}\|-) %{QS:referer} %{QS:agent} %{QS:cookie} (?:\"\[%{GREEDYDATA:setcookie}\]\"\|%{QS:setcookie}) %{DATA:sessionid} %{QS:threadname} %{NUMBER:durationsec}" }
	}

	date {
	match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
	}

	mutate {
	convert => {
	"duration_microsec" => "integer"
	}
	}
	}

	output {
	elasticsearch {}
	stdout {}
	}
No results found