Feature: add rsyslog multiline logs

2026-03-04 22:35:36 +00:00 · 2017-05-24 14:59:12 +02:00
parent 104cecde72
commit 84dbfe7dba
6 changed files with 68 additions and 0 deletions
--- a/logstash/indexer/pipeline/kafka_elasticsearch.conf
+++ b/logstash/indexer/pipeline/kafka_elasticsearch.conf
@@ -23,6 +23,12 @@ input {
        topics => ["apache-forwarder"]
        client_id => "logstash_indexer_1"
 	}
+	kafka {
+        codec =>  json{}
+        bootstrap_servers => "kafka:9092"
+        topics => ["javalog"]
+        client_id => "logstash_indexer_1"
+	}
 }

 filter {
@@ -130,6 +136,12 @@ output {
 			index => "apache-%{+YYYYMM}"
        }
 	}
+	if [type] == "javalog" {
+        elasticsearch {
+			hosts => ["elasticsearch:9200"]
+			index => "javalog-%{+YYYYMM}"
+        }
+	}
 	if [type] == "random-forwarder" {
        elasticsearch {
 			hosts => ["elasticsearch:9200"]
--- a/logstash/shipper/pipeline/beat_kafka.conf
+++ b/logstash/shipper/pipeline/beat_kafka.conf
@@ -2,12 +2,33 @@ input {
  beats {
    port => 5044
  }
+  udp {
+    port => 10514
+    type => "syslog"
+  }
  lumberjack {
 	port => 5043
 	ssl_key => "/ssl/selfsigned.key"
 	ssl_certificate => "/ssl/selfsigned.crt"
  }
 }
+
+filter {
+  if [type] == "syslog" {
+    mutate {
+	  gsub => [ "message", "\t", "\\t" ]
+    }
+	if ![programname] {
+	  json {
+	  	source => "message"
+	  }
+	}
+	mutate {
+      replace => [ "type", "%{programname}" ]
+    }
+  }
+}
+
 output {
  kafka {
    codec => json