Brain-Extensions/BrainLogs.config at master · eeik/Brain-Extensions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# This Logstash config file processes TheBrain's log files
# and passes their contents over to Elasticsearch

input {
	file {
		path => "C:/Users/{INSERT_USERNAME}/AppData/Local/TheBrain/Logs/Archive/*.log"
		start_position => "beginning"
		sincedb_path => "NUL"
		codec => multiline {
			charset => "Windows-1252"
 			pattern => "^%{TIMESTAMP_ISO8601} "
			negate => true
			what => "previous"
		}
	}
}

filter {

	grok {
		match => { "message" => "%{TIMESTAMP_ISO8601:logdate}%{SPACE}\|%{SPACE}%{WORD:category}%{SPACE}\|%{SPACE}%{GREEDYDATA:event_source}%{SPACE}\|%{SPACE}\[%{INT:event_code}\]%{SPACE}%{GREEDYDATA:event_message}" }
	}

	date {
		locale => "EN"
		timezone => "UTC"
		match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSSS" ] #2019-03-30 06:01:39.3161
		target => "@timestamp"
	}
}

output {
	elasticsearch {
		hosts => "localhost:9200"
		index => "brain_logs"
	}
	stdout {}
}