# Sample configuration file # # Author: Thomas Neuburger t.neuburger@telekom.de # # Active config files have to be in /etc/logstash/conf.d/ # # For testing configuration syntax run: # /opt/logstash/bin/logstash agent -f /etc/logstash/conf.d/ --configtest # # For reference on plugins look at: # https://www.elastic.co/guide/en/logstash/current # input { # Sample for local file input. File must be readable for logstash user! #file { # type => "syslog" # path => [ "/var/log/messages" ] #} # Read network input over beats protocol (used by filebeat, packetbeat, topbeat..) # ...Filebeat is the successor of logstash-forwarder, so most people need this beats { port => 5044 } } filter { # Sample filtering for log input from filebeat ("type" and "source" are set by filebeat). if [type] == "log" { if [source] == "/var/log/messages" { grok { # For reference on shipped grok patterns have a look at: # https://github.com/logstash-plugins/logstash-patterns-core/tree/master/patterns # For testing grok patterns have a look at: http://grokdebug.herokuapp.com/ match => [ "message", "%{SYSLOGBASE}" ] } } } } output { # Output to elasticsearch on localhost. # If given an array it will load balance requests across the hosts elasticsearch { hosts => "127.0.0.1" } }