swarm

docker-swarm/log/logstash.conf

@@ -0,0 +1,36 @@
+filter {
+    grok {
+        match => { "message" => "%{TIMESTAMP_ISO8601:oldtimestamp}\s+\[%{DATA:service}\]\s+\[TID:%{NOTSPACE:tid}\]\s+\[%{DATA:thread}\]\s+%{LOGLEVEL:loglevel}\s+%{NOTSPACE:class}\s+-%{GREEDYDATA:oldmessage}"}
+    }
+
+    
+    date {
+      match => ["oldtimestamp", "ISO8601"] 
+      target => "@timestamp" 
+    }
+    mutate {
+      replace => { "message" => "%{oldmessage}" }
+      remove_field => [ "oldmessage","oldtimestamp","agent","host","input","log.flags","log.flags.keyword","tags" ]
+    }
+}
+
+
+output {
+  if [servicename] {  
+    elasticsearch {
+        hosts => [ "crm1-es-elasticsearch:9200" ]
+        index => "sslog-%{[service]}"
+        action => "create"
+        ilm_enabled => false
+    }
+  }else{
+    elasticsearch {
+        hosts => [ "crm1-es-elasticsearch:9200" ]
+        index => "sslog-default"
+        action => "create"
+        ilm_enabled => false
+    }
+  }
+}
+
+