参考:http://kibana.logstash.es/content/logstash/plugins/input/stdin.html
最常用法:
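# Read events line by line from standard input and label them as web logs.
input {
  stdin {
    # Do not pre-tag events with "_grokparsefailure" here. grok adds that
    # tag itself when a line fails to match, and the output section routes
    # on it. Setting it at input time marks every event as a parse failure,
    # so every line raises a Nagios alert and nothing is indexed.
    # `type` selects which filter branch handles the event.
    type => "web"
  }
}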
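# Parse web-type events as Apache combined-format access log lines.
filter {
  if [type] == "web" {
    grok {
      # The pattern must be a quoted string; a bare %{...} is not valid
      # config syntax. On a failed match grok tags the event with
      # "_grokparsefailure" by default, which the output section checks.
      # Extracted fields (request, referrer, agent, ...) come straight from
      # client-controlled request data and stay untrusted downstream.
      match => ["message", "%{COMBINEDAPACHELOG}"]
    }
  }
}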
# Route each event by parse result: index parsed events, alert on failures.
output {
  if "_grokparsefailure" not in [tags] {
    # No options are set, so the plugin's defaults apply (target host,
    # index name, transport). NOTE(review): set hosts, credentials and TLS
    # explicitly before pointing this at a non-local cluster.
    elasticsearch {
    }
  } else {
    # Lines that did not parse are reported to Nagios as a passive check
    # result. Status "1" is WARNING in the Nagios status convention.
    nagios_nsca {
      nagios_status => "1"
    }
  }
}