Hello, 

I am creating a filter in logstash to filter log messages, my messages:


localhost - - [14/Aug/2016:06:33:54 -0300] "POST /printers/pr-01021-s HTTP/1.1" 200 379 Create-Job successful-ok
localhost - - [14/Aug/2016:06:33:54 -0300] "POST /printers/pr-01021-s HTTP/1.1" 200 66806 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:11 -0300] "POST /printers/pr-01016-r HTTP/1.1" 200 369 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:11 -0300] "POST /printers/pr-01016-r HTTP/1.1" 200 9373 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:32 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 371 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:32 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 41189 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:33 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 379 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:33 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 54611 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:51 -0300] "POST /printers/pr-01006-8 HTTP/1.1" 200 370 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:51 -0300] "POST /printers/pr-01006-8 HTTP/1.1" 200 1992 Send-Document successful-ok


I need only lines:
localhost - - [14/Aug/2016:06:33:54 -0300] "POST /printers/pr-01021-s HTTP/1.1" 200 66806 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:11 -0300] "POST /printers/pr-01016-r HTTP/1.1" 200 9373 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:32 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 41189 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:33 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 54611 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:51 -0300] "POST /printers/pr-01006-8 HTTP/1.1" 200 1992 Send-Document successful-ok

That is: lines containing the string "Send-Document".




I use logstash as collector :

vim /etc/logstash/conf.d/11-cupsacess.conf

# Default input for the log files.
input {
# Ssh
     file {
         type => "access_log_cups"
         path => "/var/log/cups/access_log"
     }
}


# Default output to Graylog2 in GELF format.
output  {
        gelf {
                host => "10.122.80.203"
        }
}





can anybody help me? 


filter {
        if [type] == "access_log_cups" {
                grok {
                        match => { "message" => XXXXXXxxxxxxxxx}
                }
        }
}


Thank you so much
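
One way to write the filter asked about above, as an added example that is not part of the original post. It follows the CUPS access_log field order (host, group, user, date-time, request, status, bytes, ipp-operation, ipp-status); the field names such as `ipp_operation` are assumptions chosen here.

```logstash
filter {
  if [type] == "access_log_cups" {
    # Parse the CUPS access_log line into fields.
    # Field names (client, group, user, ...) are assumed for this example.
    grok {
      match => {
        "message" => '%{IPORHOST:client} %{NOTSPACE:group} %{NOTSPACE:user} \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{NOTSPACE:resource} HTTP/%{NUMBER:httpversion}" %{NUMBER:status:int} %{NUMBER:bytes:int} %{NOTSPACE:ipp_operation} %{NOTSPACE:ipp_status}'
      }
    }

    # Keep only Send-Document events. Lines that failed to parse are kept
    # (tagged _grokparsefailure) so a format change is visible, not silently lost.
    if "_grokparsefailure" not in [tags] and [ipp_operation] != "Send-Document" {
      drop { }
    }

    # Use the timestamp from the log line as the event time.
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}
```

Matching on the parsed `ipp_operation` field rather than on a substring of `message` avoids keeping a line whose resource path merely contains the text "Send-Document".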
