| filter { | |
| multiline { | |
| pattern => '^(?m)[%{TIMESTAMP_ISO8601}] [%{HOSTNAME}] [%{DATA}] %{LOGLEVEL} ' | |
| negate => true | |
| what => previous | |
| } | |
| grok { | |
| pattern => [ | |
| "(?m)[%{TIMESTAMP_ISO8601:timestamp}] [%{HOSTNAME:host}] [%{DATA:thread}] %{LOGLEVEL:logLevel} %{DATA:class}@%{DATA:method}:%{DATA:line} - %{GREEDYDATA:message}" | |
| ] | |
| overwrite => [ | |
| "host", | |
| "message" | |
| ] | |
| add_field => { | |
| "code" => "%{class}@%{method}:%{line}" | |
| } | |
| } | |
| if "_grokparsefailure" in [tags] { | |
| grok { | |
| match => [ | |
| "message", "(?m)[%{TIMESTAMP_ISO8601:timestamp}] [%{HOSTNAME:host}] [%{DATA:thread}] %{LOGLEVEL:logLevel} %{DATA:class}@%{DATA:method}:%{DATA:line} - (?<message>(.| | )*)" | |
| ] | |
| overwrite => [ | |
| "host", | |
| "message" | |
| ] | |
| add_field => { | |
| "code" => "%{class}@%{method}:%{line}" | |
| } | |
| } | |
| } | |
| date { | |
| match => [ | |
| "timestamp" , "YYYY-MM-dd HH:mm:ss.SSS" | |
| ] | |
| target => "@timestamp" | |
| } | |
| } |