Hello, 

I am creating a filter in Logstash to filter log messages. My messages:


localhost - - [14/Aug/2016:06:33:54 -0300] "POST /printers/pr-01021-s HTTP/1.1" 200 379 Create-Job successful-ok
localhost - - [14/Aug/2016:06:33:54 -0300] "POST /printers/pr-01021-s HTTP/1.1" 200 66806 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:11 -0300] "POST /printers/pr-01016-r HTTP/1.1" 200 369 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:11 -0300] "POST /printers/pr-01016-r HTTP/1.1" 200 9373 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:32 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 371 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:32 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 41189 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:33 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 379 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:33 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 54611 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:51 -0300] "POST /printers/pr-01006-8 HTTP/1.1" 200 370 Create-Job successful-ok
localhost - - [14/Aug/2016:06:34:51 -0300] "POST /printers/pr-01006-8 HTTP/1.1" 200 1992 Send-Document successful-ok


I need only lines:
localhost - - [14/Aug/2016:06:33:54 -0300] "POST /printers/pr-01021-s HTTP/1.1" 200 66806 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:11 -0300] "POST /printers/pr-01016-r HTTP/1.1" 200 9373 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:32 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 41189 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:33 -0300] "POST /printers/pr-01036-j HTTP/1.1" 200 54611 Send-Document successful-ok
localhost - - [14/Aug/2016:06:34:51 -0300] "POST /printers/pr-01006-8 HTTP/1.1" 200 1992 Send-Document successful-ok

That is: lines containing the string "Send-Document".




I use Logstash as a collector:

vim /etc/logstash/conf.d/11-cupsacess.conf

# Default input for the log files.
input {
# Ssh
     file {
         type => "access_log_cups"
         path => "/var/log/cups/access_log"
     }
}


# Default output to Graylog2 in GELF format.
output  {
        gelf {
                host => "10.122.80.203"
        }
}





Can anybody help me?


filter {
        if [type] == "access_log_cups" {
                grok {
                        match => { "message" => XXXXXXxxxxxxxxx }
                }
        }
}


Thank you so much
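
One way to write the filter asked about above, as an added example that is not part of the original post: it drops every event whose message lacks "Send-Document" and parses the remaining lines into fields. The field names (client, ipp_operation and so on) are assumptions chosen for illustration.

```logstash
# Added example, not from the original post. Field names are assumptions.
filter {
  if [type] == "access_log_cups" {
    # Discard everything except Send-Document requests before any parsing.
    if [message] !~ /Send-Document/ {
      drop { }
    }

    # Parse the remaining lines, which have the layout:
    # host group user [date] "method resource version" status bytes operation ipp-status
    grok {
      match => {
        "message" => '%{NOTSPACE:client} %{NOTSPACE:group} %{NOTSPACE:user} \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{NOTSPACE:resource} HTTP/%{NUMBER:http_version}" %{INT:status} %{INT:bytes} %{NOTSPACE:ipp_operation} %{NOTSPACE:ipp_status}'
      }
    }

    # Use the time from the log line as the event time.
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}
```

Lines that contain the string but do not match the pattern are still forwarded and carry the `_grokparsefailure` tag, so a change in the log format shows up in Graylog instead of silently losing events.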
