TerribleDev/TimberWinR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
TimberWinR/TimberWinR.ServiceHost/config.json
Eric Fontana 024fa68e34 Removed Vistaprint references
2015-01-29 10:17:46 -05:00

109 lines
3.2 KiB
JSON
Raw Permalink Blame History

{
"TimberWinR": {
"Inputs": {
"Stdin": [
{
"codec": "json"
}
],
"WindowsEvents": [
{
"source": "System,Application",
"binaryFormat": "PRINT",
"resolveSIDS": true
}
],
"Tcp": [
{
"_comment": "Output from NLog",
"port": 5140
}
]
},
"Filters": [
{
"grok": {
"condition": "\"[type]\" == \"Win32-Eventlog\"",
"match": [
"Message",
""
],
"remove_field": [
"ComputerName"
]
}
},
{
"grok": {
"match": [
"message",
"%{SYSLOGLINE}"
],
"add_tag": [
"rn_%{Index}",
"bar"
],
"add_field": [
"foo_%{logsource}",
"Hello dude from %{ComputerName}"
]
}
},
{
"grok": {
"match": [
"Text",
"%{SYSLOGLINE}"
],
"add_tag": [
"rn_%{RecordNumber}",
"bar"
]
}
},
{
"date": {
"condition": "\"[type]\" == \"Win32-FileLog\"",
"match": [
"timestamp",
"MMM d HH:mm:sss",
"MMM dd HH:mm:ss"
],
"target": "UtcTimestamp",
"convertToUTC": true
}
},
{
"mutate": {
"_comment": "Orion Rules",
"rename": [
"ComputerName", "Host",
"SID", "Username"
]
}
}
],
"Outputs": {
"Redis": [
{
"threads": 1,
"interval": 5000,
"batch_count": 500,
"host": [
"tstlexiceapp006.mycompany.svc"
]
}
],
"Elasticsearch": [
{
"threads": 1,
"interval": 5000,
"host": [
"tstlexiceapp003.mycompany.svc"
]
}
]
}
}
}
Reference in New Issue View Git Blame Copy Permalink