Patterns for parsing and structuring log messages for different services with Logstash.
Use this app for debugging your patterns! Be careful, there might be subtle differences!
When issuing pull requests to this repository, don't forget to include an example of the messages your commits try to parse!!
Develop a new pattern typically in its own file, and call the main new pattern <something>_MSG.
Than you can do:
- extend the
RSYSLOGMESSAGEin thersyslogfile with a new pattern, by joining it with a|and placing the new pattern before theGREEDYDATAone. This requires only a new rpm and no configuration changes. This is very convient for testing. - add the new pattern to the list in the test configuration to the
grokfilter before theRSYSLOGMESSAGEas follows:%{RSYSLOGPREFIX}%{<something>_MSG}This requires a new rpm and configuration change in quattor too. Should only be done when a pattern is considered stable.