elk

production/elk/apache.conf

@@ -0,0 +1,29 @@
+input {
+  file {
+    path => "/access.log"
+#    start_position => "beginning"
+    mode => "tail"
+    file_completed_action => "log"
+  }
+}
+
+filter {
+  if [path] =~ "access" {
+    mutate { replace => { "type" => "apache_access" } }
+    grok {
+      match => { "message" => "%{COMBINEDAPACHELOG}" }
+    }
+  }
+  date {
+    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
+  }
+}
+
+output {
+  elasticsearch {
+    hosts => ["elasticsearch:9200"]
+    index => "nginx"
+    document_type => "access_log"
+  }
+#  stdout { codec => rubydebug }
+}