P279
(An Untitled Masterwork)
Authored by
stwalkerster
on Jan 20 2021, 8:47 PM.
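# Read every .log file under /mnt from the beginning. With sincedb_path set to
# /dev/null no read position is persisted, so files are re-read in full on restart.
input {
  file {
    path => ["/mnt/**/*.log"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  # Patterns are tried in order: channel events (-!-), normal messages (<nick>),
  # actions (* nick), then the "Day changed" and "Log opened/closed" markers.
  grok {
    match => {
      "message" => [
        "\A\[%{TIMESTAMP_ISO8601:date}\]%{SPACE}-\!-%{SPACE}%{GREEDYDATA:channelevent}$",
        "\A\[%{TIMESTAMP_ISO8601:date}\]%{SPACE}<(?<statuschar>[@ +])(?<nick>[^> ]*)\>%{SPACE}%{GREEDYDATA:privmsg}$",
        "\A\[%{TIMESTAMP_ISO8601:date}\]%{SPACE}%{SPACE}\*%{SPACE}(?<nick>[^ ]*)%{SPACE}%{GREEDYDATA:actionmessage}$",
        "\A--- (?<logevent>Day changed)%{SPACE}(?<date>%{DAY}%{SPACE}%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{YEAR})",
        "\A--- (?<logevent>Log closed|Log opened)%{SPACE}(?<date>%{DAY}%{SPACE}%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{TIME}%{SPACE}%{YEAR})"
      ]
    }
  }

  # Derive the network and channel fields from the file path
  # /mnt/<network>/<channel>.log.
  grok {
    match => {
      "path" => "/mnt/(?<network>.*)/(?<channel>.*)\.log"
    }
  }

  # Parse the captured date into @timestamp; one format per timestamp style above.
  date {
    match => ["date", "yyyy-MM-dd HH:mm:ss", "EEE MMM dd yyyy", "EEE MMM dd HH':'mm':'ss yyyy"]
  }
}

# Print each event for debugging and index it into the "irclogs" index.
output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["elasticsearch"]
    index => "irclogs"
  }
}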