...
Code Block |
---|
input { file { path => "/var/log/apache.log" start_position => "beginning" # this will also send existing contents the first time you start Logstash add_field => { "source" => "apache" } # add a source field, for easier filtering } } output { elasticsearch { hosthosts => "logsene-receiver.sematext.com:443" # this is called "hosts" in Logstash 2.0+ ssl => true # (requires Logstash 1.5+) if you do not want to use SSL comment this out and change port to 80 port => 443 # or 80 is you disabled SSL with ssl => false protocol => http # omit this in Logstash 2.0+! On earlier versions, this should NOT be changed to HTTPS even if you enable SSL with ssl => true index => "LOGSENE_APP_TOKEN_GOES_HERE" manage_template => false # Logsene will manage templates for you } } |
...
Code Block |
---|
input { file { path => "/var/log/apache.log" add_field => { "source" => "apache" } # add a source field, for easier filtering start_position => "beginning" } } filter { if [source] == "apache" { # only try to parse if logs are from the "apache" source grok { match => [ "message", "%{COMBINEDAPACHELOG}" ] } } } output { elasticsearch { hosthosts => "logsene-receiver.sematext.com:443" ssl => true port => 443 protocol => http index => "LOGSENE_APP_TOKEN_GOES_HERE" manage_template => false } } |
...