TerribleDev/TimberWinR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
171907e76f4c6a5412172c23d64ba58de4cf44c8
TimberWinR/TimberWinR.ServiceHost/config.json
Eric Fontana 171907e76f Changed input format to Json 
Converted input format to JSON, new unit tests
2014-07-25 14:31:16 -04:00

76 lines
1.8 KiB
JSON
Raw Blame History

{
"TimberWinR":{
"Inputs":{
"WindowsEvents":[
{
"source":"System,Application",
"binaryFormat":"PRINT",
"resolveSIDS":true
}
],
"Logs":[
{
"name":"Syslogs1",
"location":"C:\\Logs1\\*.log"
}
],
"IISW3CLogs":[
{
"name":"Default site",
"location":"c:\\inetpub\\logs\\LogFiles\\W3SVC1\\*"
}
]
},
"Filters":[
{
"grok":{
"condition": "[type] == \"Win32-FileLog\"",
"match":[
"Text",
""
],
"add_field":[
"host",
"%{ComputerName}"
]
}
},
{
"grok":{
"match":[
"message",
"%{SYSLOGLINE}"
],
"add_tag":[
"rn_%{Index}",
"bar"
],
"add_field":[
"foo_%{logsource}",
"Hello dude from %{ComputerName}"
]
}
},
{
"grok":{
"match":[
"Text",
"%{SYSLOGLINE}"
],
"add_tag":[
"rn_%{RecordNumber}",
"bar"
]
}
},
{
"mutate":{
"rename":[
"message",
"Message"
]
}
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink