Hi All,
Does anybody have a nice example for the logs of oVirt for Logstash?
I'm using this one now:
filter {
  if [type] == "ovirt" {
    grok {
      match => { "message" => "\A%{TIMESTAMP_ISO8601}%{JAVAFILE}%{SYSLOG5424SD}%{GREEDYDATA}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_tag => [ "ovirt" ]
      tag_on_failure => []
    }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
But I have got a grokparse failure in this one... So I was thinking maybe someone in the community has something way better than this? :-)