-
Notifications
You must be signed in to change notification settings - Fork 2
/
sample.conf
55 lines (50 loc) · 1.41 KB
/
sample.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
aws_region=us-west-2
aws_access_key = AAAAAA
aws_secret_access_key = ZZZZZZZZZZZZZZ
stream = my-firehose
app = my-web-app
app_ver = 1.0
[nginx-access]
file = /var/log/nginx/access.log
parse_mode = regex
line_regex = ^(?P<remote_address>[^ ]*)\ \-\ (?P<remote_user>[^ ]*)\ \[(?P<event_datetime>[^\]]*)\] \"[^\"]*\"\ (?P<log_level>[\d]*)\ (?P<response_bytes>[-\d]*)\ \"(?P<http_referer>[^\"]*)\"\ \"(?P<http_user_agent>[^\"]*)\"\s?(?P<response_s>[-\d\.]+)?
time_format = 02/Jan/2006:15:04:05 +0000
[nginx-error]
file = /var/log/nginx/error.log
parse_mode = regex
line_regex = ^(?P<event_datetime>^[^ ]*\ [^ ]*)\ \[(?P<log_level>[^\]]*)\]\ [^\:]*\:\ [^ ]*\ .*
time_format = 2006/01/02 15:04:05
[jsonapp]
file = /var/log/node/node.log
parse_mode = json
time_format = 2006-01-02T15:04:05.000Z
[jsonapp.field_mappings]
log_level = severity
event_datetime = timestamp
remote_address = remoteIp
device_type = deviceModel
device_tag = deviceId
user_tag = userId
country = country
os = platform
[record_format]
app = string,16
app_ver = string,16
ingest_datetime = timestamp
event_datetime = timestamp
hostname = string,64
filename = string,256
log_level = string,16
device_tag = string,64
user_tag = string,64
remote_address = string,64
response_bytes = integer
response_ms = double
device_type = string,32
os = string,16
os_ver = string,16
browser = string,32
browser_ver = string,16
country = string,64
language = string,16
log_line = string