dynamic.conf
input {
  # Emit one hard-coded key=value test event so the filter section can be
  # exercised without a real log source.
  generator {
    count => 1
    message => "user=jhenderson name=Justin computer=IT02"
  }
}
filter {
  # Split the key=value pairs in "message" into event fields. For the sample
  # line this yields user, name and computer.
  # kv writes every key it finds to the top level of the event, so with a
  # real log source the sender decides which fields appear. The plugin's
  # include_keys and target options narrow that.
  kv {
    source => "message"
  }

  # From here on the event carries a "user" field to branch on.
  # The label added below is derived from a username read out of the message
  # itself, so it is only as trustworthy as whatever produced that line.
  if [user] == "jhenderson" or [user] == "sarah" {
    # Only the two listed accounts get these fields: one nested under
    # [group] and one under @metadata.
    mutate {
      add_field => {
        "[group][it]" => "Domain Admin"
        "[@metadata][test]" => "This is a test value"
      }
    }

    # Promote the nested value: [group][it] becomes the top-level "group".
    # This is a separate mutate so the rename runs after the add_field above.
    mutate {
      rename => {
        "[group][it]" => "group"
      }
    }
  }
}
output {
  # Dump each event to the console for inspection.
  stdout {
    codec => rubydebug {
      # @metadata is hidden by default; this setting makes it show in the dump
      metadata => true
    }
  }

  # Forward the event over UDP to the host named by the SYSLOGSERVER variable,
  # which has no default here and so must be defined when Logstash starts.
  # UDP on 514 carries the event unauthenticated and in clear text, and lost
  # datagrams are not reported.
  udp {
    host => "${SYSLOGSERVER}"
    port => 514
  }

  # One file per user per day.
  # %{user} is taken from the parsed message, so whoever produced the log
  # line picks the file name; an event without that field leaves the
  # %{user} text unexpanded in the name. /tmp is also shared with every local
  # account. Outside a demo, write to a directory owned by the Logstash
  # service account and build the name from a validated value.
  file {
    path => "/tmp/%{user}.%{+yyyy.MM.dd}.log"
  }
}