feat: basic test in container

2025-12-06 08:21:35 +01:00 · 2024-04-13 17:54:56 +02:00
commit b7ff748b07
3 changed files with 63 additions and 0 deletions
--- a/pipe/base.yml
+++ b/pipe/base.yml
@@ -0,0 +1,16 @@
+filter {
+    if [type] == "syslog" {
+        grok {
+            match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+            remove_field => ["message"]
+        }
+        date {
+            match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
+            target => "@timestamp"
+            remove_field => ["syslog_timestamp"]
+        }
+        mutate {
+            remove_field => ["host"]
+        }
+    }
+}