[ovirt-users] elkstack
Koen Vanoppen
vanoppen.koen at gmail.com
Mon Oct 5 06:21:09 UTC 2015
Hi All,
Anybody has a nice example for the loggs of ovirt for logstash?
I'm using this one now:
filter {
if [type] == "ovirt" {
grok {
match => { "message" =>
"\A%{TIMESTAMP_ISO8601}%{JAVAFILE}%{SYSLOG5424SD}%{GREEDYDATA}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_tag => [ "ovirt" ]
tag_on_failure => []
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
But I have got a grokparse failure in this one... So I was thinking maybe
one of the community has something way better then this? :-)
Kind regards,
Koen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151005/f040442a/attachment-0001.html>
More information about the Users
mailing list