Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
47 lines (39 sloc) 1.28 KB
input {
tcp {
type => "iis"
port => 3333
}
}
filter {
grep {
type => "iis"
match => ["@message", "^#"]
negate => true
}
grok {
type => "iis"
pattern => "%{DATESTAMP:EventTime} %{NOTSPACE:sitename} %{HOSTNAME:computername} %{IP:hostip} %{URIPROTO:method} %{URIPATH:request} (?:%{NOTSPACE:queryparam}|-) %{NUMBER:port} (?:%{WORD:username}|-) %{IP:clientip} %{NOTSPACE:httpversion} %{NOTSPACE:useragent} (?:%{NOTSPACE:cookie}|-) (?:%{NOTSPACE:referer}|-) (?:%{NOTSPACE:host}|-) %{NUMBER:status} %{NUMBER:substatus} %{NUMBER:win32status} %{NUMBER:bytesreceived} %{NUMBER:bytessent} %{NUMBER:timetaken}"
}
mutate {
type => "iis"
convert => ["timetaken","integer"]
convert => ["bytessent","integer"]
convert => ["bytesreceived","integer"]
convert => ["status","integer"]
convert => ["substatus","integer"]
convert => ["win32status","integer"]
convert => ["port","integer"]
}
date {
type => "iis"
match => [ "EventTime", "yy-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
# Setting 'embedded' will run a real elasticsearch server inside logstash.
# This option below saves you from having to run a separate process just
# for ElasticSearch, so you can get started quicker!
embedded => true
}
}