第四章 logstash

参考:http://kibana.logstash.es/content/logstash/plugins/input/stdin.html

最常用法:

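# Read events from standard input; convenient for testing a pipeline by hand.
input {
    stdin {
        # Do not pre-set "_grokparsefailure" here: grok adds that tag itself
        # when a line fails to match, and the output section routes on it.
        # Tagging every event up front would send all of them to Nagios and
        # none to Elasticsearch, hiding real parse failures in the noise.
        type => "web"
    }
}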

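filter {
    # Only events typed "web" are parsed as Apache access-log lines.
    if [type] == "web" {
        grok {
            # The pattern must be a quoted string; a bare %{...} is a config
            # syntax error and the pipeline will not start. Lines that do not
            # match the pattern are tagged "_grokparsefailure" by default.
            match => ["message", "%{COMBINEDAPACHELOG}"]
        }
    }
}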
# Route events by parse result: failures raise a Nagios alert, everything
# else is indexed.
output {
    if "_grokparsefailure" in [tags] {
        # Passive check result sent over NSCA; status "1" is WARNING in Nagios.
        nagios_nsca {
            nagios_status => "1"
        }
    } else {
        # Empty block means plugin defaults (a local Elasticsearch node with
        # no TLS or credentials configured here). Set the hosts, transport
        # encryption and authentication explicitly before using this outside
        # a test machine.
        elasticsearch {
        }
    }
}
原文地址:https://www.cnblogs.com/java-zhao/p/5889356.html