Skip to content

Logstash

Jump to bottom Edit New page
Aaron Mildenstein edited this page Jun 11, 2014 · 7 revisions

Common practice is to run curator as a cron job, e.g.

20 0 * * * /usr/local/bin/curator delete --older-than 60 2&>1 | /bin/nc localhost 28778

Then logstash can be configured using:

input {
  tcp {
    type => "curator"
    port => "28778"
  }
}
filter {
  if [type] == "curator" {
    grok {
      match => {
        "message" => "%{TIMESTAMP_ISO8601:timestamp} %{WORD:level}%{SPACE}%{WORD:function}:%{POSINT:line}%{SPACE}%{GREEDYDATA:description}"
      }
    }
  }
}
Add a custom footer
Add a custom sidebar
Clone this wiki locally