Logstash - mwicat/personal GitHub Wiki

Install

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install logstash
sudo ln -sfn /usr/share/logstash/bin/logstash /usr/local/bin/logstash
sudo /usr/share/logstash/bin/logstash -f logstash.conf

GELF

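input {
    # The gelf input offers no authentication or TLS; 0.0.0.0 listens on every
    # interface, so restrict port 12201 with a firewall or bind a specific address
    gelf {
        host => '0.0.0.0'
        port => 12201
        type => "gelf"
    }

    # HTTP input used for health checks; also reachable on every interface
    http {
        host => "0.0.0.0"
        port => 8044
        type => "health_check"
    }
}

filter {
}

output {
    # Print every event to the console for debugging
    stdout { codec => 'rubydebug' }
}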

Elasticsearch

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "myindex-%{+YYYY.MM.dd}"
        user => "myuser"
        password => "mypass"
    }
}
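
Added example (not part of the original wiki page): the same output with the password read from the Logstash keystore and the connection made over TLS, so no secret sits in the pipeline file. The key name ES_PWD, the CA path and the package-install paths in the comments are assumptions, as is an Elasticsearch node with TLS enabled on its HTTP port; option names are the 7.x ones.

```logstash
# One-time setup on the Logstash host (7.x package install paths assumed):
#   sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create
#   sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_PWD
# ES_PWD is a key name chosen for this example; the value is prompted for
# and stored in the keystore under /etc/logstash, not in this file.

output {
    elasticsearch {
        # https:// plus ssl => true: credentials and events are encrypted in transit
        hosts    => ["https://localhost:9200"]
        ssl      => true
        # CA that signed the Elasticsearch HTTP certificate (placeholder path)
        cacert   => "/etc/logstash/certs/ca.crt"
        index    => "myindex-%{+YYYY.MM.dd}"
        user     => "myuser"
        # Resolved from the keystore at startup; never written to the config
        password => "${ES_PWD}"
    }
}
```

When starting Logstash by hand as in the Install section, pass the same --path.settings /etc/logstash so the keystore is found.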

Drop event

filter {
    # Keep only WARN and ERROR; events without a loglevel field are dropped too
    if !([loglevel] == "WARN" or [loglevel] == "ERROR") {
        drop {}
    }
}

Patterns