Paste #127449
   
Operation paste
pasted on 09.10.2019 16:17
  • Edit to this paste
  • Print
  • Raw
  • The following pastes replied to this paste:  # 142850 # 230441
  • Show paste tree
  • Compare with paste
    #  
  • Toggle line numbers
  • Syntax highlighting  
Text paste 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
input {
  beats {
    type => "postfix"
    port => 5044
  }
}

filter {
 if [type] == "postfix" {
    grok {
        match => { "message" => "%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}" }
    }
       }
}
output {
        elasticsearch {
            type     => "postfix"
            hosts    => "localhost:9200"
            index    => "postfix-%{+YYYY.MM.dd}"
        }

}
Add Comment
Author