Tags: logstash, logstash-grok

Convert a log line into comma separated fields using logstash


I am totally new to Logstash. Can anyone please tell me the filter to add to the configuration file, to separate the following log line using Logstash?

"2011/08/10 09:47:23.449598,0.001199,udp,203.136.22.37,15306, <->,147.32.84.229,13363,CON,0,0,2,317,64,flow=Background-UDP-Established",

I want the above line to return a JSON object like the following:

{
TimeStamp: 2011/08/10 09:47:23.449598
Value: 0.001199
protocol: udp
IP: 203.136.22.37
...
}

Solution

  • Copy the text below into your conf file and run Logstash. It will take input from the console and output to the console in your desired format.

    input {
       stdin {
       }
    }
    filter {
            grok {
                # DATESTAMP is defined as month-first or day-first dates, so on a
                # YYYY/MM/DD line it would match only "11/08/10 09:47:..." and drop
                # the century. A custom capture anchored at "^" keeps the whole date.
                match => ["message", "^(?<timestamp>%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}),%{BASE16FLOAT:value},%{WORD:protocol},%{IP:ip},%{GREEDYDATA:remaining}"]
            }
    }
    output {
      stdout {
            codec => rubydebug
      }
    }
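To see what the grok filter above does with that line, here is an added Ruby illustration; it is not Logstash code and not from the answer's author. It is a tiny expander that turns `%{NAME:field}` references into named-capture regexes the way grok does, using simplified copies of the standard pattern definitions (an assumption on my part: the shipped logstash-patterns-core versions add extra boundary checks). It also shows why `%{DATESTAMP}` would be the wrong choice for this `YYYY/MM/DD` date: grok matching is unanchored, so that built-in pattern matches starting at `11/08/10` and silently drops the century, whereas an anchored custom capture keeps it.

```ruby
require 'json'

# Added illustration: a minimal grok-style pattern expander, not Logstash's own
# code. The pattern bodies below are simplified copies of the shapes used by the
# standard grok pattern library (assumption: close enough for this sample line).
PATTERNS = {
  "YEAR"        => '(?>\d\d){1,2}',
  "MONTHNUM"    => '(?:0?[1-9]|1[0-2])',
  "MONTHDAY"    => '(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])',
  "HOUR"        => '(?:2[0123]|[01]?[0-9])',
  "MINUTE"      => '(?:[0-5][0-9])',
  "SECOND"      => '(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)',
  "TIME"        => '%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])',
  "DATE_US"     => '%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}',
  "DATE_EU"     => '%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}',
  "DATE"        => '%{DATE_US}|%{DATE_EU}',
  "DATESTAMP"   => '%{DATE}[- ]%{TIME}',
  "BASE16FLOAT" => '[+-]?(?:0x)?(?:[0-9A-Fa-f]+(?:\.[0-9A-Fa-f]*)?|\.[0-9A-Fa-f]+)',
  "WORD"        => '\b\w+\b',
  "IP"          => '(?:\d{1,3}\.){3}\d{1,3}',
  "GREEDYDATA"  => '.*',
}.freeze

# Expand %{NAME} / %{NAME:field} references recursively. A reference with a
# field name becomes a named capture group, which is how grok builds its regex.
def expand(pattern, patterns = PATTERNS)
  pattern.gsub(/%\{(\w+)(?::(\w+))?\}/) do
    name, field = $1, $2
    body = patterns.fetch(name) { raise ArgumentError, "unknown pattern #{name}" }
    inner = expand(body, patterns)
    field ? "(?<#{field}>#{inner})" : "(?:#{inner})"
  end
end

# Apply an expanded pattern to one line. Returns a Hash of captured fields, or
# nil when the line does not match (the equivalent of a _grokparsefailure tag).
def grok(pattern, line)
  match = Regexp.new(expand(pattern)).match(line)
  return nil unless match
  match.names.each_with_object({}) { |name, fields| fields[name] = match[name] }
end

# Constructed sample input: the line from the question.
SAMPLE = "2011/08/10 09:47:23.449598,0.001199,udp,203.136.22.37,15306, <->," \
         "147.32.84.229,13363,CON,0,0,2,317,64,flow=Background-UDP-Established".freeze

# Pattern built on the stock DATESTAMP: matching is unanchored, so this silently
# starts at "11/08/10" and loses the century.
DATESTAMP_PATTERN = "%{DATESTAMP:timestamp},%{BASE16FLOAT:value},%{WORD:protocol}," \
                    "%{IP:ip},%{GREEDYDATA:remaining}".freeze

# Same fields with an anchored custom capture for the YYYY/MM/DD date.
ANCHORED_PATTERN = "^(?<timestamp>%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME})," \
                   "%{BASE16FLOAT:value},%{WORD:protocol},%{IP:ip},%{GREEDYDATA:remaining}".freeze

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(grok(DATESTAMP_PATTERN, SAMPLE))
  puts JSON.pretty_generate(grok(ANCHORED_PATTERN, SAMPLE))
end
```

Running it prints both results as JSON; the first has `"timestamp": "11/08/10 09:47:23.449598"`, the second the full `2011/08/10 ...` value. The same anchoring habit is worth keeping in real Logstash configs: an unanchored grok can match a substring of a hostile or malformed line and still produce a tidy-looking event, so anchor with `^` and check for `_grokparsefailure` rather than assuming every field came from where you expect.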