[rsyslog-notify] Forum Thread: Re: Rsyslog Rulebase for Apache access log and logstash-access - (Mode 'reply')
noreply at adiscon.com
Mon Nov 30 15:31:21 CET 2015
User: Butler
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26207#p26207
Message:
----------
[quote="pankaj17"]I'm referring to http://linux-help.org/wiki/logging/advanced-rsyslog for Apache log centralization and feeding data to Elasticsearch:
But data is not getting inserted into Elasticsearch:
[/quote]
Hello
Did you find the solution? I tried your configuration; rsyslog actually sends
this message to Elastic:
[code]{
"@timestamp":"2015-11-27T15:49:59+01:00",
"message":"192.168.101.62 - - [27/Nov/2015:15:49:58 +0100] \"GET /mac/customer/ticket/tickets-data-loaded.do?clientTime=1448635799539&lastCallTime=1448635789486&_=1448635799540 HTTP/1.1\" 200 2184 \"http://xxxxxx/mac/customer/home.do\" \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0\" ",
"host":"193.56.56.56",
"@source_host":"rp4",
"tag":"apache-access",
"vhost":"",
"bytes":"",
"clientip":"",
"method":"",
"request":"",
"pversion":"",
"referrer":"",
"useragent":"",
"status":""
}[/code]