Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
34 lines (33 sloc) 2.24 KB
filter {
if [fields][informix] {
date {
match => [ "informix.timestamp", "MM/dd/yy HH:mm:ss" ]
}
grok {
match => { "message" => "%{DATESTAMP:informix.timestamp} %{GREEDYDATA:message}" }
overwrite => [ "message" ]
}
grok {
tag_on_failure => ["_grokparsefailure_informix"]
match => { "message" => [
"Error %{INT:informix.error_number} %{GREEDYDATA:informix.error_text}",
"Maximum server connections %{INT:informix.max_server_connections}",
"External Backup preparation complete - Time %{NUMBER:informix.external_backup_block_time}",
"External Backup unblock complete - Time %{NUMBER:informix.external_backup_unblock_time}",
"Error %{INT:informix.error_number} %{GREEDYDATA:informix.error_text}",
"Maximum server connections %{INT:informix.max_server_connections}",
"Logical Log %{INT:informix.llog_complete} Complete, timestamp: %{BASE16NUM:llog_timestamp}.",
"Logical Log %{INT:informix.llog_backup_started} - Backup Started",
"Logical Log %{INT:informix.llog_backup_completed} - Backup Completed",
"Logical Log %{INT:informix.llog_backup_aborted} - Backup Aborted",
"Checkpoint Statistics - Avg. Txn Block Time %{NUMBER:informix.ckpt_block_time}, # Txns blocked %{INT:informix.ckpt_transactions_blocked}, Plog used %{INT:informix.ckpt_plog_used}, Llog used %{INT:informix.ckpt_llog_used}",
"Checkpoint Completed: duration was %{INT:informix.ckpt_duration} seconds.",
"Checkpoint Completed: duration was %{INT:informix.ckpt_duration} seconds.",
"loguniq %{INT:informix.llog_uniq}, logpos %{BASE16NUM:informix.llog_pos}, timestamp: %{BASE16NUM:informix.llog_timestamp} Interval: %{INT:informix.llog_interval}",
"Process exited with return code %{INT:informix.onbar_return_code}: /bin/sh /bin/sh -c %{URIPATHPARAM} 2 23 \"Logical Log %{INT:informix.llog_complete} Complete, timestamp: %{BASE16NUM:informix.llog_timestamp}.\" \"Logical Log %{INT} Complete, timestamp: %{BASE16NUM}.\" \"\" %{INT}",
"External Backup preparation complete - Time %{NUMBER:informix.external_backup_block_time}",
"External Backup unblock complete - Time %{NUMBER:informix.external_backup_unblock_time}" ]
}
}
}
}