A basic, complete syslog example

Fundamentally, Logstash can parse and store syslog data. This example shows a basic configuration that helps you do exactly that: read syslog lines from a file, parse them with the built-in Grok patterns, take the event timestamp from the log line itself, and index the result into Elasticsearch.

input {
  file {
    # Placeholder path: point this at the syslog file(s) you want to read.
    path => [ "/path/to/syslog" ]
    type => "syslog"
  }
}

filter {
  if [type] == "syslog" {
    # Uses the built-in SYSLOGLINE Grok pattern to parse this standard format
    grok {
      match => { "message" => "%{SYSLOGLINE}" }
    }
    # Sets the timestamp of the event to the timestamp recorded in the log data.
    # By default, Logstash sets the timestamp to the time the event was ingested.
    # Two layouts are needed: syslog pads single-digit days with a space ("Mar  7").
    date {
      match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  # Outputs processed events to an Elasticsearch instance local to the box.
  elasticsearch {
    hosts => [ "localhost:9200" ]
  }
}
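To see what the grok and date filters above actually do to a syslog line, here is an added Python sketch (not part of the original page or of Logstash itself) that applies a simplified SYSLOGLINE regex and then tries the same two date layouts, "MMM  d HH:mm:ss" and "MMM dd HH:mm:ss", in order. It assumes the syslog timestamp carries no year, so the caller supplies one, as the date filter does; the sample lines are constructed.

```python
import re
from datetime import datetime

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Date layouts exactly as listed in the date filter's match array above.
DATE_PATTERNS = ["MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]

# Minimal translation of the Joda-style tokens those two layouts use.
TOKEN_RE = {
    "MMM": r"(?P<mon>[A-Z][a-z]{2})",
    "dd": r"(?P<day>\d{2})",
    "d": r"(?P<day>\d{1,2})",
    "HH": r"(?P<hour>\d{2})",
    "mm": r"(?P<minute>\d{2})",
    "ss": r"(?P<second>\d{2})",
}

def pattern_to_regex(pattern):
    """Turn a Joda-style layout into an anchored regex; spaces match literally."""
    out, i = "", 0
    while i < len(pattern):
        for tok in ("MMM", "dd", "d", "HH", "mm", "ss"):  # longest tokens first
            if pattern.startswith(tok, i):
                out += TOKEN_RE[tok]
                i += len(tok)
                break
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")

def parse_timestamp(ts, year):
    """Mimic the date filter: first matching layout wins; None means _dateparsefailure."""
    for pat in DATE_PATTERNS:
        m = pattern_to_regex(pat).match(ts)
        if m:
            return datetime(year, MONTHS.index(m["mon"]) + 1, int(m["day"]),
                            int(m["hour"]), int(m["minute"]), int(m["second"]))
    return None

# Simplified stand-in for the built-in SYSLOGLINE grok pattern (BSD syslog only).
SYSLOGLINE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<logsource>\S+) (?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

def parse_syslog_line(line, year=2024):
    """Grok step then date step; unparsable lines are tagged like Logstash would."""
    m = SYSLOGLINE.match(line)
    if not m:
        return {"message": line, "tags": ["_grokparsefailure"]}
    event = m.groupdict()
    event["@timestamp"] = parse_timestamp(event["timestamp"], year)
    return event
```

The third assertion in a quick check is the useful one: a line written as "Mar 7 ..." (one space, one digit) matches neither layout, which is why both are listed in the config.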