[rsyslog-notify] Forum Thread: migrate logstash / grok into rsyslog possible - (Mode 'post')
noreply at adiscon.com
Wed Mar 12 17:05:14 CET 2014
User: rsyslog at core.ch
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24347#p24347
Message:
----------
We are using rsyslog 7.4.10-0adiscon2.
We also use elasticsearch, logstash and kibana to analyse the logs.
Request:
We would like to use the rsyslog omelasticsearch module. Could this module
also, e.g., set the geoip based on the GeoLiteCity.dat file, or set
variables like the geoip property? (These are some grok statements from
logstash:)
grok {
    add_tag => ["apache"]
    match => [ "message", "%{COMBINEDAPACHELOG}" ]
}
grok {
    match => [ "request", "(.*)\.%{DATA:filetype}(/|\ |\?|$).*$" ]
}
geoip {
    add_tag => ["geo"]
    source => "clientip"
    database => "/opt/geoip/GeoLiteCity.dat"
}
Could we do this with the rsyslog config as well? How would it look,
so that we get an idea of how to go on?
Our Goal would be to remove logstash and use the direct way between rsyslog
and elasticsearch.
Thanks for your answer
ritzo
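The part of the question that rsyslog 7.4 can cover on its own, the COMBINEDAPACHELOG grok plus the direct path into Elasticsearch, can be done with mmnormalize (liblognorm) and omelasticsearch. The configuration below is an added example, not taken from this thread or from the rsyslog project; the log path, rulebase path, state file name, index name and Elasticsearch host are assumptions, and the second grok (filetype) and the geoip enrichment are not reproduced.

```rsyslog
# Added example: parse Apache combined logs and ship them to Elasticsearch
# without logstash. Paths, index name and ES host are assumed values.
module(load="imfile")
module(load="mmnormalize")
module(load="omelasticsearch")

# Rulebase for mmnormalize, to be saved as /etc/rsyslog.d/apache.rb
# (assumed path). Its single rule is the equivalent of %{COMBINEDAPACHELOG}:
#   rule=apache:%clientip:ipv4% %ident:word% %auth:word% [%timestamp:char-to:]%] "%verb:word% %request:word% HTTP/%httpversion:char-to:"%" %response:number% %bytes:word% "%referrer:char-to:"%" "%agent:char-to:"%"
# Each parsed field becomes a message property such as $!clientip or $!request.

input(type="imfile" File="/var/log/apache2/access.log"
      Tag="apache:" StateFile="apache-access" ruleset="apache")

# JSON document sent to Elasticsearch; format="json" escapes quotes and
# control characters in field values so a crafted request line or
# User-Agent cannot break the document structure.
template(name="apache-json" type="list") {
  constant(value="{")
  constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"host\":\"")     property(name="hostname")
  constant(value="\",\"clientip\":\"") property(name="$!clientip" format="json")
  constant(value="\",\"verb\":\"")     property(name="$!verb" format="json")
  constant(value="\",\"request\":\"")  property(name="$!request" format="json")
  constant(value="\",\"response\":\"") property(name="$!response" format="json")
  constant(value="\",\"bytes\":\"")    property(name="$!bytes" format="json")
  constant(value="\",\"referrer\":\"") property(name="$!referrer" format="json")
  constant(value="\",\"agent\":\"")    property(name="$!agent" format="json")
  constant(value="\",\"message\":\"")  property(name="msg" format="json")
  constant(value="\"}\n")
}

ruleset(name="apache") {
  # mmnormalize sets $parsesuccess to "OK" when a rulebase rule matched
  action(type="mmnormalize" ruleBase="/etc/rsyslog.d/apache.rb")
  if $parsesuccess == "OK" then {
    action(type="omelasticsearch" server="localhost" serverport="9200"
           searchIndex="apache" searchType="access" template="apache-json")
  } else {
    # keep lines the rulebase did not match, so nothing is silently dropped
    action(type="omfile" file="/var/log/apache-unparsed.log")
  }
}
```

The unparsed-line branch matters operationally: a parser that drops non-matching lines hides both log-format drift and requests crafted to evade the parser.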