
(An Untitled Masterwork)

Authored by stwalkerster on Jan 20 2021, 8:47 PM.
# Logstash pipeline: irssi-style IRC log files -> Elasticsearch index "irclogs".
#
# Expected on-disk layout (see the "path" grok below): /mnt/<network>/<channel>.log
#
# Read position is deliberately not persisted (sincedb_path => /dev/null) and
# reading starts at the beginning of every file, so each pipeline start
# re-reads all logs. That suits a one-off import; for a long-running pipeline
# it means duplicate documents on restart, because no document_id is set on
# the elasticsearch output.
input {
  file {
    path           => ["/mnt/**/*.log"]
    start_position => "beginning"
    sincedb_path   => "/dev/null"
  }
}

filter {
  # Classify each log line by its leading shape. Patterns are tried in order;
  # the first match wins. Every timestamped form yields a "date" field which
  # the date filter below turns into @timestamp.
  grok {
    match => {
      "message" => [
        # [ts] -!- <text>               : channel event (join/part/mode/topic style lines)
        "\A\[%{TIMESTAMP_ISO8601:date}\]%{SPACE}-\!-%{SPACE}%{GREEDYDATA:channelevent}$",
        # [ts] <@nick> text              : normal message; statuschar is '@', '+' or space
        "\A\[%{TIMESTAMP_ISO8601:date}\]%{SPACE}<(?<statuschar>[@ +])(?<nick>[^> ]*)\>%{SPACE}%{GREEDYDATA:privmsg}$",
        # [ts]  * nick text              : /me action
        "\A\[%{TIMESTAMP_ISO8601:date}\]%{SPACE}%{SPACE}\*%{SPACE}(?<nick>[^ ]*)%{SPACE}%{GREEDYDATA:actionmessage}$",
        # --- Day changed Mon Jan 20 2021 : date only, no time of day
        "\A--- (?<logevent>Day changed)%{SPACE}(?<date>%{DAY}%{SPACE}%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{YEAR})",
        # --- Log opened/closed Mon Jan 20 20:47:00 2021
        "\A--- (?<logevent>Log closed|Log opened)%{SPACE}(?<date>%{DAY}%{SPACE}%{MONTH}%{SPACE}%{MONTHDAY}%{SPACE}%{TIME}%{SPACE}%{YEAR})"
      ]
    }
  }

  # Derive network and channel from the file's location under /mnt.
  # Both captures are greedy, so with files nested deeper than
  # /mnt/<network>/<channel>.log the extra path segments end up in "network".
  grok {
    match => {
      "path" => "/mnt/(?<network>.*)/(?<channel>.*)\.log"
    }
  }

  # One layout per timestamp shape produced by the message patterns above:
  # ISO line timestamps, "Day changed" (date only), and "Log opened/closed".
  # NOTE(review): "Day changed" lines carry no time, so their @timestamp is
  # presumably midnight of that day — confirm if those events matter for queries.
  date {
    match => [
      "date",
      "yyyy-MM-dd HH:mm:ss",
      "EEE MMM dd yyyy",
      "EEE MMM dd HH':'mm':'ss yyyy"
    ]
  }
}

output {
  # Debug sink: prints every complete event, including the full message text,
  # to the Logstash process's stdout — wherever that stream is captured (journal,
  # container logs) ends up holding a second copy of the channel contents.
  stdout {
    codec => rubydebug
  }

  # NOTE(review): no TLS or credentials are configured for this endpoint; confirm
  # that "elasticsearch" is only reachable from the pipeline host / private network.
  elasticsearch {
    hosts => ["elasticsearch"]
    index => "irclogs"
  }
}
