Update php filter pattern

author Philipp Dallig <philipp.dallig@pixelpark.com>

Mon, 29 Feb 2016 15:54:43 +0000 (16:54 +0100)

committer Philipp Dallig <philipp.dallig@pixelpark.com>

Mon, 29 Feb 2016 15:54:43 +0000 (16:54 +0100)
author Philipp Dallig <philipp.dallig@pixelpark.com>
Mon, 29 Feb 2016 15:54:43 +0000 (16:54 +0100)
committer Philipp Dallig <philipp.dallig@pixelpark.com>
Mon, 29 Feb 2016 15:54:43 +0000 (16:54 +0100)
diff --git a/classes/site::profile::logstash::php_fpm.yaml b/classes/site::profile::logstash::php_fpm.yaml

index 752ef8dd5cfbcc09996ff84465f1d1663043b29d..fcf9f64894ddff0bed4f42cd0b248d9a343d17c6 100644 (file)
--- a/classes/site::profile::logstash::php_fpm.yaml
+++ b/classes/site::profile::logstash::php_fpm.yaml
@@ -30,7 +30,7 @@ site::profile::logstash::php_fpm::resources:
      parameters:
        match: 
          - message
-        - '\[%%{ich-trickse}{MONTHDAY}-%%{ich-trickse}{MONTH}-%%{ich-trickse}{YEAR} %%{ich-trickse}{TIME}\] %%{ich-trickse}{LOGLEVEL:loglevel}\: %%{ich-trickse}{GREEDYDATA:restmessage}'
+        - '\[%%{ich-trickse}{MONTHDAY}-%%{ich-trickse}{MONTH}-%%{ich-trickse}{YEAR} %%{ich-trickse}{TIME}%%{ich-trickse}{SPACE}%%{ich-trickse}{GREEDYDATA:timezone}?\] %%{ich-trickse}{LOGLEVEL:loglevel}?[ :]*%%{ich-trickse}{GREEDYDATA:restmessage}'
    php_fpm_slow_filter:
      condition: 'if [type] == "php-fpm-slow"'
      resource: grok
author	Philipp Dallig <philipp.dallig@pixelpark.com>
	Mon, 29 Feb 2016 15:54:43 +0000 (16:54 +0100)
committer	Philipp Dallig <philipp.dallig@pixelpark.com>
	Mon, 29 Feb 2016 15:54:43 +0000 (16:54 +0100)