| filter { |
| |
multiline { |
| |
pattern => '^(?m)\[%{TIMESTAMP_ISO8601}\] \[%{HOSTNAME}\] \[%{DATA}\] %{LOGLEVEL} ' |
| |
negate => true |
| |
what => previous |
| |
} |
| |
|
| |
grok { |
| |
pattern => [ |
| |
"(?m)\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{HOSTNAME:host}\] \[%{DATA:thread}\] %{LOGLEVEL:logLevel} %{DATA:class}@%{DATA:method}:%{DATA:line} \- %{GREEDYDATA:message}" |
| |
] |
| |
|
| |
overwrite => [ |
| |
"host", |
| |
"message" |
| |
] |
| |
|
| |
add_field => { |
| |
"code" => "%{class}@%{method}:%{line}" |
| |
} |
| |
} |
| |
|
| |
if "_grokparsefailure" in [tags] { |
| |
grok { |
| |
match => [ |
| |
"message", "(?m)\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{HOSTNAME:host}\] \[%{DATA:thread}\] %{LOGLEVEL:logLevel} %{DATA:class}@%{DATA:method}:%{DATA:line} \- (?<message>(.|\r|\n)*)" |
| |
] |
| |
overwrite => [ |
| |
"host", |
| |
"message" |
| |
] |
| |
add_field => { |
| |
"code" => "%{class}@%{method}:%{line}" |
| |
} |
| |
} |
| |
} |
| |
|
| |
date { |
| |
match => [ |
| |
"timestamp" , "YYYY-MM-dd HH:mm:ss.SSS" |
| |
] |
| |
target => "@timestamp" |
| |
} |
| |
} |
