etc/logstash_cambria_template.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

input {
        file {
                path => "${CAMBRIA_SERVER_LOG}"
                codec => multiline {
                        pattern => "^\[%{YEAR}-%{MONTH}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND}\]"
                        negate => "true"
                        what => "previous"
                }
                sincedb_path => "/opt/app/logstash/conf_stage/.sincedb_cambria"
                start_position => "beginning"
                type => "cambria"
        }
}

filter {
	if [type] == "cambria" {
	        grok {
	                match => ["message", "\[(?<date>%{YEAR}-%{MONTH}-%{MONTHDAY}%{SPACE}%{HOUR}:%{MINUTE}:%{SECOND})\]\[%{DATA:logLevel}\]\[%{DATA:thread}\]\[%{DATA:class}\]\[%{DATA:id}\]%{GREEDYDATA:message}"]
	        }
	
	        date {
	                match => ["date", "YYYY-MMM-DD HH:mm:ss,SSS"]
	        }
	}
}

output {
	if [type] == "cambria" {
            elasticsearch {
                    cluster => "2020SA"
                    host => "${ELASTICSEARCH_NODES}"
                    index => "cambria-%{+YYYY.MM.dd}"
            }
    }
}