From 7a763433b7d84964670b9f139ef047b425480d29 Mon Sep 17 00:00:00 2001 From: cwray Date: Tue, 10 Jul 2018 09:19:21 -0600 Subject: [PATCH 1/3] Adding another grok pattern to the filebeats mongo module, ingest pipeline. --- filebeat/module/mongodb/log/ingest/pipeline.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/filebeat/module/mongodb/log/ingest/pipeline.json b/filebeat/module/mongodb/log/ingest/pipeline.json index b0a39f2aaf39..69817d6153b1 100755 --- a/filebeat/module/mongodb/log/ingest/pipeline.json +++ b/filebeat/module/mongodb/log/ingest/pipeline.json @@ -4,7 +4,8 @@ "grok": { "field": "message", "patterns":[ - "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} %{WORD:mongodb.log.component} *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}" + "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} %{WORD:mongodb.log.component} *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}", + "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} - *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}" ], "ignore_missing": true } From 5931d3cd249cd34e8fc2c8b96f8350d0cfc13a53 Mon Sep 17 00:00:00 2001 From: cwray Date: Tue, 10 Jul 2018 09:26:44 -0600 Subject: [PATCH 2/3] fixed some spacing --- filebeat/module/mongodb/log/ingest/pipeline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/module/mongodb/log/ingest/pipeline.json b/filebeat/module/mongodb/log/ingest/pipeline.json index 69817d6153b1..fa000f6a9d0b 100755 --- a/filebeat/module/mongodb/log/ingest/pipeline.json +++ b/filebeat/module/mongodb/log/ingest/pipeline.json @@ -5,7 +5,7 @@ "field": "message", "patterns":[ "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} %{WORD:mongodb.log.component} *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}", - "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} - *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}" + "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} - *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}" ], "ignore_missing": true } From 069b5e71cdff86dc7b833791214ad8e7ecae4e02 Mon Sep 17 00:00:00 2001 From: cwray Date: Tue, 10 Jul 2018 09:19:21 -0600 Subject: [PATCH 3/3] Adding another grok pattern to the filebeats mongo module, ingest pipeline. --- filebeat/module/mongodb/log/ingest/pipeline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filebeat/module/mongodb/log/ingest/pipeline.json b/filebeat/module/mongodb/log/ingest/pipeline.json index fa000f6a9d0b..224a82b69b77 100755 --- a/filebeat/module/mongodb/log/ingest/pipeline.json +++ b/filebeat/module/mongodb/log/ingest/pipeline.json @@ -4,8 +4,8 @@ "grok": { "field": "message", "patterns":[ - "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} %{WORD:mongodb.log.component} *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}", - "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} - *\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}" + "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} %{WORD:mongodb.log.component} \\s*\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}", + "%{TIMESTAMP_ISO8601:mongodb.log.timestamp} %{WORD:mongodb.log.severity} - \\s*\\[%{WORD:mongodb.log.context}\\] %{GREEDYDATA:mongodb.log.message}" ], "ignore_missing": true }