

  1. {
  2. "v": 1,
  3. "id": "2aa0878d-6246-4763-a90f-46a91120e87b",
  4. "rev": 1,
  5. "name": "Liwo",
  6. "summary": "Liwo",
  7. "description": "",
  8. "vendor": "akbarjimi",
  9. "url": "",
  10. "parameters": [],
  11. "entities": [
  12. {
  13. "v": "1",
  14. "type": {
  15. "name": "grok_pattern",
  16. "version": "1"
  17. },
  18. "id": "2f1e3986-c53c-424a-a5f4-289a8df7c8f5",
  19. "data": {
  20. "name": "CISCOMAC",
  21. "pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})"
  22. },
  23. "constraints": [
  24. {
  25. "type": "server-version",
  26. "version": ">=4.0.5+d95b909"
  27. }
  28. ]
  29. },
  30. {
  31. "v": "1",
  32. "type": {
  33. "name": "grok_pattern",
  34. "version": "1"
  35. },
  36. "id": "7fed04d3-9f53-4513-9768-ea5cd873ef05",
  37. "data": {
  38. "name": "MONTHNUM",
  39. "pattern": "(?:0?[1-9]|1[0-2])"
  40. },
  41. "constraints": [
  42. {
  43. "type": "server-version",
  44. "version": ">=4.0.5+d95b909"
  45. }
  46. ]
  47. },
  48. {
  49. "v": "1",
  50. "type": {
  51. "name": "grok_pattern",
  52. "version": "1"
  53. },
  54. "id": "b5b008ad-459a-44c7-bc3c-bc715b21d685",
  55. "data": {
  56. "name": "SYSLOGBASE",
  57. "pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:"
  58. },
  59. "constraints": [
  60. {
  61. "type": "server-version",
  62. "version": ">=4.0.5+d95b909"
  63. }
  64. ]
  65. },
  66. {
  67. "v": "1",
  68. "type": {
  69. "name": "sidecar_collector",
  70. "version": "1"
  71. },
  72. "id": "e5fdce7e-e209-4bc5-b233-b89d91cfc8e9",
  73. "data": {
  74. "name": {
  75. "@type": "string",
  76. "@value": "nxlog"
  77. },
  78. "service_type": {
  79. "@type": "string",
  80. "@value": "svc"
  81. },
  82. "node_operating_system": {
  83. "@type": "string",
  84. "@value": "windows"
  85. },
  86. "executable_path": {
  87. "@type": "string",
  88. "@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe"
  89. },
  90. "execute_parameters": {
  91. "@type": "string",
  92. "@value": "-c \"%s\""
  93. },
  94. "validation_parameters": {
  95. "@type": "string",
  96. "@value": "-v -f -c \"%s\""
  97. },
  98. "default_template": {
  99. "@type": "string",
  100. "@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile %ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n<Extension logrotate>\n Module xm_fileop\n <Schedule>\n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n </Schedule>\n</Extension>\n\n\n<Extension gelfExt>\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n</Extension>\n\n<Input eventlog>\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #<QueryXML>\n # <QueryList>\n # <Query Id='1'>\n # <Select Path='Security'>*[System/Level=4]</Select>\n # </Query>\n # </QueryList>\n #</QueryXML>\n</Input>\n\n\n<Input file>\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n</Input>\n\n\n<Output gelf>\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t<Exec>\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t</Exec>\n</Output>\n\n\n<Route route-1>\n Path eventlog => gelf\n</Route>\n<Route route-2>\n Path file => gelf\n</Route>\n\n"
  101. }
  102. },
  103. "constraints": [
  104. {
  105. "type": "server-version",
  106. "version": ">=4.0.5+d95b909"
  107. }
  108. ]
  109. },
  110. {
  111. "v": "1",
  112. "type": {
  113. "name": "grok_pattern",
  114. "version": "1"
  115. },
  116. "id": "e3d488c0-7439-404a-a614-b39795b01de1",
  117. "data": {
  118. "name": "GREEDYDATA",
  119. "pattern": ".*"
  120. },
  121. "constraints": [
  122. {
  123. "type": "server-version",
  124. "version": ">=4.0.5+d95b909"
  125. }
  126. ]
  127. },
  128. {
  129. "v": "1",
  130. "type": {
  131. "name": "dashboard",
  132. "version": "2"
  133. },
  134. "id": "b00f36f9-201b-476b-b234-07b65bd26541",
  135. "data": {
  136. "summary": {
  137. "@type": "string",
  138. "@value": "This is a list of all sources that sent in messages to Graylog."
  139. },
  140. "search": {
  141. "queries": [
  142. {
  143. "id": "a1647eb6-a064-4fe6-b459-1e4267d3f659",
  144. "timerange": {
  145. "type": "relative",
  146. "range": 300
  147. },
  148. "query": {
  149. "type": "elasticsearch",
  150. "query_string": ""
  151. },
  152. "search_types": [
  153. {
  154. "query": null,
  155. "name": "chart",
  156. "timerange": {
  157. "type": "relative",
  158. "range": 300
  159. },
  160. "streams": [],
  161. "series": [
  162. {
  163. "type": "count",
  164. "id": "Message count",
  165. "field": null
  166. }
  167. ],
  168. "filter": null,
  169. "rollup": true,
  170. "row_groups": [
  171. {
  172. "type": "time",
  173. "field": "timestamp",
  174. "interval": {
  175. "type": "auto",
  176. "scaling": 1
  177. }
  178. }
  179. ],
  180. "type": "pivot",
  181. "id": "481de18f-938e-40d5-8ab2-6eaf6a28f091",
  182. "column_groups": [],
  183. "sort": []
  184. },
  185. {
  186. "query": null,
  187. "name": "chart",
  188. "timerange": {
  189. "type": "relative",
  190. "range": 300
  191. },
  192. "streams": [],
  193. "series": [
  194. {
  195. "type": "count",
  196. "id": "Message count",
  197. "field": null
  198. }
  199. ],
  200. "filter": null,
  201. "rollup": true,
  202. "row_groups": [
  203. {
  204. "type": "values",
  205. "field": "source",
  206. "limit": 15
  207. }
  208. ],
  209. "type": "pivot",
  210. "id": "011b2894-49e5-44d8-aab6-8c4d4457a886",
  211. "column_groups": [],
  212. "sort": [
  213. {
  214. "type": "series",
  215. "field": "count()",
  216. "direction": "Descending"
  217. }
  218. ]
  219. },
  220. {
  221. "query": null,
  222. "name": "chart",
  223. "timerange": {
  224. "type": "relative",
  225. "range": 300
  226. },
  227. "streams": [],
  228. "series": [
  229. {
  230. "type": "count",
  231. "id": "Message count",
  232. "field": null
  233. }
  234. ],
  235. "filter": null,
  236. "rollup": true,
  237. "row_groups": [
  238. {
  239. "type": "values",
  240. "field": "source",
  241. "limit": 10
  242. }
  243. ],
  244. "type": "pivot",
  245. "id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c",
  246. "column_groups": [],
  247. "sort": [
  248. {
  249. "type": "series",
  250. "field": "count()",
  251. "direction": "Descending"
  252. }
  253. ]
  254. }
  255. ]
  256. }
  257. ],
  258. "parameters": [],
  259. "requires": {},
  260. "owner": "admin",
  261. "created_at": "2019-11-22T10:58:47.255Z"
  262. },
  263. "created_at": "2019-11-22T10:54:50.950Z",
  264. "requires": {},
  265. "state": {
  266. "a1647eb6-a064-4fe6-b459-1e4267d3f659": {
  267. "selected_fields": null,
  268. "static_message_list_id": null,
  269. "titles": {
  270. "tab": {
  271. "title": "Sources Overview"
  272. },
  273. "widget": {
  274. "6c127c5d-be75-4157-b43f-ac0194ac0586": "Selected sources",
  275. "92d63811-e4dd-47db-bd3b-db03c8a9bd53": "Messages per Source",
  276. "00637e63-d728-4b3e-932b-7c8696b4855d": "Messages over time"
  277. }
  278. },
  279. "widgets": [
  280. {
  281. "id": "92d63811-e4dd-47db-bd3b-db03c8a9bd53",
  282. "type": "aggregation",
  283. "filter": null,
  284. "timerange": {
  285. "type": "relative",
  286. "range": 300
  287. },
  288. "query": null,
  289. "streams": [],
  290. "config": {
  291. "visualization": "pie",
  292. "event_annotation": false,
  293. "row_pivots": [
  294. {
  295. "field": "source",
  296. "type": "values",
  297. "config": {
  298. "limit": 10
  299. }
  300. }
  301. ],
  302. "series": [
  303. {
  304. "config": {
  305. "name": "Message count"
  306. },
  307. "function": "count()"
  308. }
  309. ],
  310. "rollup": true,
  311. "column_pivots": [],
  312. "visualization_config": null,
  313. "formatting_settings": null,
  314. "sort": [
  315. {
  316. "type": "series",
  317. "field": "count()",
  318. "direction": "Descending"
  319. }
  320. ]
  321. }
  322. },
  323. {
  324. "id": "6c127c5d-be75-4157-b43f-ac0194ac0586",
  325. "type": "aggregation",
  326. "filter": null,
  327. "timerange": {
  328. "type": "relative",
  329. "range": 300
  330. },
  331. "query": null,
  332. "streams": [],
  333. "config": {
  334. "visualization": "table",
  335. "event_annotation": false,
  336. "row_pivots": [
  337. {
  338. "field": "source",
  339. "type": "values",
  340. "config": {
  341. "limit": 15
  342. }
  343. }
  344. ],
  345. "series": [
  346. {
  347. "config": {
  348. "name": "Message count"
  349. },
  350. "function": "count()"
  351. }
  352. ],
  353. "rollup": true,
  354. "column_pivots": [],
  355. "visualization_config": null,
  356. "formatting_settings": null,
  357. "sort": [
  358. {
  359. "type": "series",
  360. "field": "count()",
  361. "direction": "Descending"
  362. }
  363. ]
  364. }
  365. },
  366. {
  367. "id": "00637e63-d728-4b3e-932b-7c8696b4855d",
  368. "type": "aggregation",
  369. "filter": null,
  370. "timerange": {
  371. "type": "relative",
  372. "range": 300
  373. },
  374. "query": null,
  375. "streams": [],
  376. "config": {
  377. "visualization": "line",
  378. "event_annotation": false,
  379. "row_pivots": [
  380. {
  381. "field": "timestamp",
  382. "type": "time",
  383. "config": {
  384. "interval": {
  385. "type": "auto",
  386. "scaling": null
  387. }
  388. }
  389. }
  390. ],
  391. "series": [
  392. {
  393. "config": {
  394. "name": "Message count"
  395. },
  396. "function": "count()"
  397. }
  398. ],
  399. "rollup": true,
  400. "column_pivots": [],
  401. "visualization_config": null,
  402. "formatting_settings": null,
  403. "sort": []
  404. }
  405. }
  406. ],
  407. "widget_mapping": {
  408. "6c127c5d-be75-4157-b43f-ac0194ac0586": [
  409. "011b2894-49e5-44d8-aab6-8c4d4457a886"
  410. ],
  411. "92d63811-e4dd-47db-bd3b-db03c8a9bd53": [
  412. "a964f1c5-e108-4b5e-a907-ffe0b0f0683c"
  413. ],
  414. "00637e63-d728-4b3e-932b-7c8696b4855d": [
  415. "481de18f-938e-40d5-8ab2-6eaf6a28f091"
  416. ]
  417. },
  418. "positions": {
  419. "6c127c5d-be75-4157-b43f-ac0194ac0586": {
  420. "col": 1,
  421. "row": 5,
  422. "height": 4,
  423. "width": 6
  424. },
  425. "92d63811-e4dd-47db-bd3b-db03c8a9bd53": {
  426. "col": 7,
  427. "row": 5,
  428. "height": 4,
  429. "width": 6
  430. },
  431. "00637e63-d728-4b3e-932b-7c8696b4855d": {
  432. "col": 1,
  433. "row": 1,
  434. "height": 4,
  435. "width": "Infinity"
  436. }
  437. },
  438. "formatting": {
  439. "highlighting": []
  440. },
  441. "display_mode_settings": {
  442. "positions": {}
  443. }
  444. }
  445. },
  446. "properties": [],
  447. "owner": "admin",
  448. "title": {
  449. "@type": "string",
  450. "@value": "Sources"
  451. },
  452. "type": "DASHBOARD",
  453. "description": {
  454. "@type": "string",
  455. "@value": "This is a list of all sources that sent in messages to Graylog. You can narrow the timerange by zooming in on the message histogram, or you can increase the time range by specifying a broader one in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add additional widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs."
  456. }
  457. },
  458. "constraints": [
  459. {
  460. "type": "server-version",
  461. "version": ">=4.0.5+d95b909"
  462. }
  463. ]
  464. },
  465. {
  466. "v": "1",
  467. "type": {
  468. "name": "grok_pattern",
  469. "version": "1"
  470. },
  471. "id": "1da7f012-0a89-46a5-910c-75c1918289a5",
  472. "data": {
  473. "name": "BASE16NUM",
  474. "pattern": "(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))"
  475. },
  476. "constraints": [
  477. {
  478. "type": "server-version",
  479. "version": ">=4.0.5+d95b909"
  480. }
  481. ]
  482. },
  483. {
  484. "v": "1",
  485. "type": {
  486. "name": "grok_pattern",
  487. "version": "1"
  488. },
  489. "id": "1c0bba53-ee9d-4cf7-bf1f-02d21955401f",
  490. "data": {
  491. "name": "USER",
  492. "pattern": "%{USERNAME}"
  493. },
  494. "constraints": [
  495. {
  496. "type": "server-version",
  497. "version": ">=4.0.5+d95b909"
  498. }
  499. ]
  500. },
  501. {
  502. "v": "1",
  503. "type": {
  504. "name": "grok_pattern",
  505. "version": "1"
  506. },
  507. "id": "497ef367-b27b-42bb-a81c-50bd29f4817c",
  508. "data": {
  509. "name": "HTTPD20_ERRORLOG",
  510. "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}"
  511. },
  512. "constraints": [
  513. {
  514. "type": "server-version",
  515. "version": ">=4.0.5+d95b909"
  516. }
  517. ]
  518. },
  519. {
  520. "v": "1",
  521. "type": {
  522. "name": "grok_pattern",
  523. "version": "1"
  524. },
  525. "id": "42fd8b52-5bb5-40a0-9b83-efe71775d4b4",
  526. "data": {
  527. "name": "SECOND",
  528. "pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)"
  529. },
  530. "constraints": [
  531. {
  532. "type": "server-version",
  533. "version": ">=4.0.5+d95b909"
  534. }
  535. ]
  536. },
  537. {
  538. "v": "1",
  539. "type": {
  540. "name": "grok_pattern",
  541. "version": "1"
  542. },
  543. "id": "5c41392a-5c34-4757-8d8d-2d36b95dab67",
  544. "data": {
  545. "name": "LOGLEVEL",
  546. "pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)"
  547. },
  548. "constraints": [
  549. {
  550. "type": "server-version",
  551. "version": ">=4.0.5+d95b909"
  552. }
  553. ]
  554. },
  555. {
  556. "v": "1",
  557. "type": {
  558. "name": "grok_pattern",
  559. "version": "1"
  560. },
  561. "id": "94f1ae77-2e19-43fc-98dd-0b1ecfdb6076",
  562. "data": {
  563. "name": "MINUTE",
  564. "pattern": "(?:[0-5][0-9])"
  565. },
  566. "constraints": [
  567. {
  568. "type": "server-version",
  569. "version": ">=4.0.5+d95b909"
  570. }
  571. ]
  572. },
  573. {
  574. "v": "1",
  575. "type": {
  576. "name": "grok_pattern",
  577. "version": "1"
  578. },
  579. "id": "31102730-a557-4714-92bd-379b6838baab",
  580. "data": {
  581. "name": "HTTPDUSER",
  582. "pattern": "%{EMAILADDRESS}|%{USER}"
  583. },
  584. "constraints": [
  585. {
  586. "type": "server-version",
  587. "version": ">=4.0.5+d95b909"
  588. }
  589. ]
  590. },
  591. {
  592. "v": "1",
  593. "type": {
  594. "name": "grok_pattern",
  595. "version": "1"
  596. },
  597. "id": "297f4106-f19d-44f5-a860-111f0cec7f55",
  598. "data": {
  599. "name": "YEAR",
  600. "pattern": "(?>\\d\\d){1,2}"
  601. },
  602. "constraints": [
  603. {
  604. "type": "server-version",
  605. "version": ">=4.0.5+d95b909"
  606. }
  607. ]
  608. },
  609. {
  610. "v": "1",
  611. "type": {
  612. "name": "input",
  613. "version": "1"
  614. },
  615. "id": "77e24609-e2ec-46cf-ab7a-12cde3fe92ca",
  616. "data": {
  617. "title": {
  618. "@type": "string",
  619. "@value": "Laravel"
  620. },
  621. "configuration": {
  622. "recv_buffer_size": {
  623. "@type": "integer",
  624. "@value": 1048576
  625. },
  626. "port": {
  627. "@type": "integer",
  628. "@value": 12201
  629. },
  630. "number_worker_threads": {
  631. "@type": "integer",
  632. "@value": 4
  633. },
  634. "bind_address": {
  635. "@type": "string",
  636. "@value": "0.0.0.0"
  637. },
  638. "decompress_size_limit": {
  639. "@type": "integer",
  640. "@value": 8388608
  641. }
  642. },
  643. "static_fields": {},
  644. "type": {
  645. "@type": "string",
  646. "@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput"
  647. },
  648. "global": {
  649. "@type": "boolean",
  650. "@value": false
  651. },
  652. "extractors": []
  653. },
  654. "constraints": [
  655. {
  656. "type": "server-version",
  657. "version": ">=4.0.5+d95b909"
  658. }
  659. ]
  660. },
  661. {
  662. "v": "1",
  663. "type": {
  664. "name": "grok_pattern",
  665. "version": "1"
  666. },
  667. "id": "108013a3-5ae7-406c-8b57-3438e36bfd1d",
  668. "data": {
  669. "name": "WINPATH",
  670. "pattern": "(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+"
  671. },
  672. "constraints": [
  673. {
  674. "type": "server-version",
  675. "version": ">=4.0.5+d95b909"
  676. }
  677. ]
  678. },
  679. {
  680. "v": "1",
  681. "type": {
  682. "name": "grok_pattern",
  683. "version": "1"
  684. },
  685. "id": "b25b9489-5cb4-4123-acc3-a6c38ecfccd4",
  686. "data": {
  687. "name": "USERNAME",
  688. "pattern": "[a-zA-Z0-9._-]+"
  689. },
  690. "constraints": [
  691. {
  692. "type": "server-version",
  693. "version": ">=4.0.5+d95b909"
  694. }
  695. ]
  696. },
  697. {
  698. "v": "1",
  699. "type": {
  700. "name": "grok_pattern",
  701. "version": "1"
  702. },
  703. "id": "ec5722cc-23e8-4f46-81ce-4ff942607c6b",
  704. "data": {
  705. "name": "SYSLOGTIMESTAMP",
  706. "pattern": "%{MONTH} +%{MONTHDAY} %{TIME}"
  707. },
  708. "constraints": [
  709. {
  710. "type": "server-version",
  711. "version": ">=4.0.5+d95b909"
  712. }
  713. ]
  714. },
  715. {
  716. "v": "1",
  717. "type": {
  718. "name": "grok_pattern",
  719. "version": "1"
  720. },
  721. "id": "457ff006-5b18-4775-bf59-4d66bd402018",
  722. "data": {
  723. "name": "URIPROTO",
  724. "pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?"
  725. },
  726. "constraints": [
  727. {
  728. "type": "server-version",
  729. "version": ">=4.0.5+d95b909"
  730. }
  731. ]
  732. },
  733. {
  734. "v": "1",
  735. "type": {
  736. "name": "grok_pattern",
  737. "version": "1"
  738. },
  739. "id": "1059e583-9144-43da-ae9a-ca44c3f8ea09",
  740. "data": {
  741. "name": "HTTPD24_ERRORLOG",
  742. "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}"
  743. },
  744. "constraints": [
  745. {
  746. "type": "server-version",
  747. "version": ">=4.0.5+d95b909"
  748. }
  749. ]
  750. },
  751. {
  752. "v": "1",
  753. "type": {
  754. "name": "grok_pattern",
  755. "version": "1"
  756. },
  757. "id": "49c06919-2c80-426d-abad-34ab7f9acc07",
  758. "data": {
  759. "name": "COMBINEDAPACHELOG",
  760. "pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}"
  761. },
  762. "constraints": [
  763. {
  764. "type": "server-version",
  765. "version": ">=4.0.5+d95b909"
  766. }
  767. ]
  768. },
  769. {
  770. "v": "1",
  771. "type": {
  772. "name": "grok_pattern",
  773. "version": "1"
  774. },
  775. "id": "9cc6556b-3bf4-4a1f-b03f-86653daba4d9",
  776. "data": {
  777. "name": "COMMONAPACHELOG",
  778. "pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)"
  779. },
  780. "constraints": [
  781. {
  782. "type": "server-version",
  783. "version": ">=4.0.5+d95b909"
  784. }
  785. ]
  786. },
  787. {
  788. "v": "1",
  789. "type": {
  790. "name": "grok_pattern",
  791. "version": "1"
  792. },
  793. "id": "e3ff9ecc-341a-4ffa-899b-561245ba32c4",
  794. "data": {
  795. "name": "HTTPD_ERRORLOG",
  796. "pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}"
  797. },
  798. "constraints": [
  799. {
  800. "type": "server-version",
  801. "version": ">=4.0.5+d95b909"
  802. }
  803. ]
  804. },
  805. {
  806. "v": "1",
  807. "type": {
  808. "name": "grok_pattern",
  809. "version": "1"
  810. },
  811. "id": "90231790-9904-4a76-a811-4d921005cf5d",
  812. "data": {
  813. "name": "MONTHNUM2",
  814. "pattern": "(?:0[1-9]|1[0-2])"
  815. },
  816. "constraints": [
  817. {
  818. "type": "server-version",
  819. "version": ">=4.0.5+d95b909"
  820. }
  821. ]
  822. },
  823. {
  824. "v": "1",
  825. "type": {
  826. "name": "sidecar_collector",
  827. "version": "1"
  828. },
  829. "id": "73c5dff8-330d-41ca-bd05-100d85008ee2",
  830. "data": {
  831. "name": {
  832. "@type": "string",
  833. "@value": "filebeat"
  834. },
  835. "service_type": {
  836. "@type": "string",
  837. "@value": "svc"
  838. },
  839. "node_operating_system": {
  840. "@type": "string",
  841. "@value": "windows"
  842. },
  843. "executable_path": {
  844. "@type": "string",
  845. "@value": "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
  846. },
  847. "execute_parameters": {
  848. "@type": "string",
  849. "@value": "-c \"%s\""
  850. },
  851. "validation_parameters": {
  852. "@type": "string",
  853. "@value": "test config -c \"%s\""
  854. },
  855. "default_template": {
  856. "@type": "string",
  857. "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - C:\\logs\\log.log\n"
  858. }
  859. },
  860. "constraints": [
  861. {
  862. "type": "server-version",
  863. "version": ">=4.0.5+d95b909"
  864. }
  865. ]
  866. },
  867. {
  868. "v": "1",
  869. "type": {
  870. "name": "grok_pattern",
  871. "version": "1"
  872. },
  873. "id": "ba9ab685-0de5-4846-809e-c184a9062374",
  874. "data": {
  875. "name": "IP",
  876. "pattern": "(?:%{IPV6}|%{IPV4})"
  877. },
  878. "constraints": [
  879. {
  880. "type": "server-version",
  881. "version": ">=4.0.5+d95b909"
  882. }
  883. ]
  884. },
  885. {
  886. "v": "1",
  887. "type": {
  888. "name": "grok_pattern",
  889. "version": "1"
  890. },
  891. "id": "27288d6a-5ba3-4ee4-8413-7648f63424a1",
  892. "data": {
  893. "name": "DATE_US",
  894. "pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}"
  895. },
  896. "constraints": [
  897. {
  898. "type": "server-version",
  899. "version": ">=4.0.5+d95b909"
  900. }
  901. ]
  902. },
  903. {
  904. "v": "1",
  905. "type": {
  906. "name": "sidecar_collector",
  907. "version": "1"
  908. },
  909. "id": "b710a7b4-062d-4f4d-ac6e-594735d78b45",
  910. "data": {
  911. "name": {
  912. "@type": "string",
  913. "@value": "winlogbeat"
  914. },
  915. "service_type": {
  916. "@type": "string",
  917. "@value": "svc"
  918. },
  919. "node_operating_system": {
  920. "@type": "string",
  921. "@value": "windows"
  922. },
  923. "executable_path": {
  924. "@type": "string",
  925. "@value": "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
  926. },
  927. "execute_parameters": {
  928. "@type": "string",
  929. "@value": "-c \"%s\""
  930. },
  931. "validation_parameters": {
  932. "@type": "string",
  933. "@value": "test config -c \"%s\""
  934. },
  935. "default_template": {
  936. "@type": "string",
  937. "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nwinlogbeat:\n event_logs:\n - name: Application\n - name: System\n - name: Security"
  938. }
  939. },
  940. "constraints": [
  941. {
  942. "type": "server-version",
  943. "version": ">=4.0.5+d95b909"
  944. }
  945. ]
  946. },
  947. {
  948. "v": "1",
  949. "type": {
  950. "name": "grok_pattern",
  951. "version": "1"
  952. },
  953. "id": "921e7b58-1d38-4b0c-80e5-a04415b3ef58",
  954. "data": {
  955. "name": "INT",
  956. "pattern": "(?:[+-]?(?:[0-9]+))"
  957. },
  958. "constraints": [
  959. {
  960. "type": "server-version",
  961. "version": ">=4.0.5+d95b909"
  962. }
  963. ]
  964. },
  965. {
  966. "v": "1",
  967. "type": {
  968. "name": "grok_pattern",
  969. "version": "1"
  970. },
  971. "id": "ff2b8a70-59fd-4af2-a493-ca8b1d2585a9",
  972. "data": {
  973. "name": "PATH",
  974. "pattern": "(?:%{UNIXPATH}|%{WINPATH})"
  975. },
  976. "constraints": [
  977. {
  978. "type": "server-version",
  979. "version": ">=4.0.5+d95b909"
  980. }
  981. ]
  982. },
  983. {
  984. "v": "1",
  985. "type": {
  986. "name": "grok_pattern",
  987. "version": "1"
  988. },
  989. "id": "1c771f5f-b716-4312-a302-b1fb300117e3",
  990. "data": {
  991. "name": "NONNEGINT",
  992. "pattern": "\\b(?:[0-9]+)\\b"
  993. },
  994. "constraints": [
  995. {
  996. "type": "server-version",
  997. "version": ">=4.0.5+d95b909"
  998. }
  999. ]
  1000. },
  1001. {
  1002. "v": "1",
  1003. "type": {
  1004. "name": "grok_pattern",
  1005. "version": "1"
  1006. },
  1007. "id": "a8acf205-e1de-4039-bc41-a08024424409",
  1008. "data": {
  1009. "name": "SPACE",
  1010. "pattern": "\\s*"
  1011. },
  1012. "constraints": [
  1013. {
  1014. "type": "server-version",
  1015. "version": ">=4.0.5+d95b909"
  1016. }
  1017. ]
  1018. },
  1019. {
  1020. "v": "1",
  1021. "type": {
  1022. "name": "grok_pattern",
  1023. "version": "1"
  1024. },
  1025. "id": "d97c0288-6e96-48e3-948e-88da47d5fecf",
  1026. "data": {
  1027. "name": "DATESTAMP_RFC822",
  1028. "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}"
  1029. },
  1030. "constraints": [
  1031. {
  1032. "type": "server-version",
  1033. "version": ">=4.0.5+d95b909"
  1034. }
  1035. ]
  1036. },
  1037. {
  1038. "v": "1",
  1039. "type": {
  1040. "name": "grok_pattern",
  1041. "version": "1"
  1042. },
  1043. "id": "43df0cda-b6e9-4e40-8f67-84e8ef3f85c6",
  1044. "data": {
  1045. "name": "URIPARAM",
  1046. "pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*"
  1047. },
  1048. "constraints": [
  1049. {
  1050. "type": "server-version",
  1051. "version": ">=4.0.5+d95b909"
  1052. }
  1053. ]
  1054. },
  1055. {
  1056. "v": "1",
  1057. "type": {
  1058. "name": "grok_pattern",
  1059. "version": "1"
  1060. },
  1061. "id": "1f2a717b-2847-4a80-aeca-fd20c8253cf5",
  1062. "data": {
  1063. "name": "DATESTAMP",
  1064. "pattern": "%{DATE}[- ]%{TIME}"
  1065. },
  1066. "constraints": [
  1067. {
  1068. "type": "server-version",
  1069. "version": ">=4.0.5+d95b909"
  1070. }
  1071. ]
  1072. },
  1073. {
  1074. "v": "1",
  1075. "type": {
  1076. "name": "grok_pattern",
  1077. "version": "1"
  1078. },
  1079. "id": "20b5dabc-dca7-47b2-890d-732e1fcffef7",
  1080. "data": {
  1081. "name": "WORD",
  1082. "pattern": "\\b\\w+\\b"
  1083. },
  1084. "constraints": [
  1085. {
  1086. "type": "server-version",
  1087. "version": ">=4.0.5+d95b909"
  1088. }
  1089. ]
  1090. },
  1091. {
  1092. "v": "1",
  1093. "type": {
  1094. "name": "grok_pattern",
  1095. "version": "1"
  1096. },
  1097. "id": "e7903224-2b7b-4c32-b36f-b2925d1abbb8",
  1098. "data": {
  1099. "name": "URI",
  1100. "pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?"
  1101. },
  1102. "constraints": [
  1103. {
  1104. "type": "server-version",
  1105. "version": ">=4.0.5+d95b909"
  1106. }
  1107. ]
  1108. },
  1109. {
  1110. "v": "1",
  1111. "type": {
  1112. "name": "grok_pattern",
  1113. "version": "1"
  1114. },
  1115. "id": "1faa4b48-edee-40a4-9f3d-fd96cfa8034f",
  1116. "data": {
  1117. "name": "HOUR",
  1118. "pattern": "(?:2[0123]|[01]?[0-9])"
  1119. },
  1120. "constraints": [
  1121. {
  1122. "type": "server-version",
  1123. "version": ">=4.0.5+d95b909"
  1124. }
  1125. ]
  1126. },
  1127. {
  1128. "v": "1",
  1129. "type": {
  1130. "name": "grok_pattern",
  1131. "version": "1"
  1132. },
  1133. "id": "4249fead-f4e4-40cb-a259-f9a8cfe84c51",
  1134. "data": {
  1135. "name": "SYSLOGHOST",
  1136. "pattern": "%{IPORHOST}"
  1137. },
  1138. "constraints": [
  1139. {
  1140. "type": "server-version",
  1141. "version": ">=4.0.5+d95b909"
  1142. }
  1143. ]
  1144. },
  1145. {
  1146. "v": "1",
  1147. "type": {
  1148. "name": "grok_pattern",
  1149. "version": "1"
  1150. },
  1151. "id": "c6845ec4-a6b9-434b-a853-e5e13984cd60",
  1152. "data": {
  1153. "name": "IPV4",
  1154. "pattern": "(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])"
  1155. },
  1156. "constraints": [
  1157. {
  1158. "type": "server-version",
  1159. "version": ">=4.0.5+d95b909"
  1160. }
  1161. ]
  1162. },
  1163. {
  1164. "v": "1",
  1165. "type": {
  1166. "name": "grok_pattern",
  1167. "version": "1"
  1168. },
  1169. "id": "901d80a0-3066-488f-a273-b1a6bbb2c367",
  1170. "data": {
  1171. "name": "UNIXPATH",
  1172. "pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+"
  1173. },
  1174. "constraints": [
  1175. {
  1176. "type": "server-version",
  1177. "version": ">=4.0.5+d95b909"
  1178. }
  1179. ]
  1180. },
  1181. {
  1182. "v": "1",
  1183. "type": {
  1184. "name": "grok_pattern",
  1185. "version": "1"
  1186. },
  1187. "id": "a55410e6-2cb9-4ba3-b053-af92f0d93fb9",
  1188. "data": {
  1189. "name": "POSINT",
  1190. "pattern": "\\b(?:[1-9][0-9]*)\\b"
  1191. },
  1192. "constraints": [
  1193. {
  1194. "type": "server-version",
  1195. "version": ">=4.0.5+d95b909"
  1196. }
  1197. ]
  1198. },
  1199. {
  1200. "v": "1",
  1201. "type": {
  1202. "name": "grok_pattern",
  1203. "version": "1"
  1204. },
  1205. "id": "c6336f43-ced0-4996-a130-d3829868851c",
  1206. "data": {
  1207. "name": "HTTPDATE",
  1208. "pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}"
  1209. },
  1210. "constraints": [
  1211. {
  1212. "type": "server-version",
  1213. "version": ">=4.0.5+d95b909"
  1214. }
  1215. ]
  1216. },
  1217. {
  1218. "v": "1",
  1219. "type": {
  1220. "name": "sidecar_collector",
  1221. "version": "1"
  1222. },
  1223. "id": "8c39c0e1-db3e-4098-bcf2-264ff511f38c",
  1224. "data": {
  1225. "name": {
  1226. "@type": "string",
  1227. "@value": "filebeat"
  1228. },
  1229. "service_type": {
  1230. "@type": "string",
  1231. "@value": "exec"
  1232. },
  1233. "node_operating_system": {
  1234. "@type": "string",
  1235. "@value": "linux"
  1236. },
  1237. "executable_path": {
  1238. "@type": "string",
  1239. "@value": "/usr/share/filebeat/bin/filebeat"
  1240. },
  1241. "execute_parameters": {
  1242. "@type": "string",
  1243. "@value": "-c %s"
  1244. },
  1245. "validation_parameters": {
  1246. "@type": "string",
  1247. "@value": "test config -c %s"
  1248. },
  1249. "default_template": {
  1250. "@type": "string",
  1251. "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\nfilebeat.inputs:\n- input_type: log\n paths:\n - /var/log/*.log\n type: log\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: /var/lib/graylog-sidecar/collectors/filebeat/data\n logs: /var/lib/graylog-sidecar/collectors/filebeat/log"
  1252. }
  1253. },
  1254. "constraints": [
  1255. {
  1256. "type": "server-version",
  1257. "version": ">=4.0.5+d95b909"
  1258. }
  1259. ]
  1260. },
  1261. {
  1262. "v": "1",
  1263. "type": {
  1264. "name": "grok_pattern",
  1265. "version": "1"
  1266. },
  1267. "id": "3873a640-d4f9-494e-afe4-f4d6cbcd2dd6",
  1268. "data": {
  1269. "name": "QUOTEDSTRING",
  1270. "pattern": "(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))"
  1271. },
  1272. "constraints": [
  1273. {
  1274. "type": "server-version",
  1275. "version": ">=4.0.5+d95b909"
  1276. }
  1277. ]
  1278. },
  1279. {
  1280. "v": "1",
  1281. "type": {
  1282. "name": "grok_pattern",
  1283. "version": "1"
  1284. },
  1285. "id": "ff210553-4c85-4fe5-b227-24bb2e2834c0",
  1286. "data": {
  1287. "name": "URIPATHPARAM",
  1288. "pattern": "%{URIPATH}(?:%{URIPARAM})?"
  1289. },
  1290. "constraints": [
  1291. {
  1292. "type": "server-version",
  1293. "version": ">=4.0.5+d95b909"
  1294. }
  1295. ]
  1296. },
  1297. {
  1298. "v": "1",
  1299. "type": {
  1300. "name": "grok_pattern",
  1301. "version": "1"
  1302. },
  1303. "id": "4532a4e6-ef98-4792-abf8-5087e151357b",
  1304. "data": {
  1305. "name": "BASE10NUM",
  1306. "pattern": "(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))"
  1307. },
  1308. "constraints": [
  1309. {
  1310. "type": "server-version",
  1311. "version": ">=4.0.5+d95b909"
  1312. }
  1313. ]
  1314. },
  1315. {
  1316. "v": "1",
  1317. "type": {
  1318. "name": "grok_pattern",
  1319. "version": "1"
  1320. },
  1321. "id": "a3b4d934-b4c9-4195-8917-977b541fe59b",
  1322. "data": {
  1323. "name": "DATESTAMP_OTHER",
  1324. "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}"
  1325. },
  1326. "constraints": [
  1327. {
  1328. "type": "server-version",
  1329. "version": ">=4.0.5+d95b909"
  1330. }
  1331. ]
  1332. },
  1333. {
  1334. "v": "1",
  1335. "type": {
  1336. "name": "grok_pattern",
  1337. "version": "1"
  1338. },
  1339. "id": "e8b3bbfd-e4c4-4977-ad2b-958f3f19beca",
  1340. "data": {
  1341. "name": "DATESTAMP_RFC2822",
  1342. "pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}"
  1343. },
  1344. "constraints": [
  1345. {
  1346. "type": "server-version",
  1347. "version": ">=4.0.5+d95b909"
  1348. }
  1349. ]
  1350. },
  1351. {
  1352. "v": "1",
  1353. "type": {
  1354. "name": "grok_pattern",
  1355. "version": "1"
  1356. },
  1357. "id": "d15f93b3-32b4-4f00-9070-517df931739e",
  1358. "data": {
  1359. "name": "QS",
  1360. "pattern": "%{QUOTEDSTRING}"
  1361. },
  1362. "constraints": [
  1363. {
  1364. "type": "server-version",
  1365. "version": ">=4.0.5+d95b909"
  1366. }
  1367. ]
  1368. },
  1369. {
  1370. "v": "1",
  1371. "type": {
  1372. "name": "grok_pattern",
  1373. "version": "1"
  1374. },
  1375. "id": "368729d0-d26a-4f49-aee2-9fc6341610b1",
  1376. "data": {
  1377. "name": "DATE_EU",
  1378. "pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}"
  1379. },
  1380. "constraints": [
  1381. {
  1382. "type": "server-version",
  1383. "version": ">=4.0.5+d95b909"
  1384. }
  1385. ]
  1386. },
  1387. {
  1388. "v": "1",
  1389. "type": {
  1390. "name": "grok_pattern",
  1391. "version": "1"
  1392. },
  1393. "id": "c939b28d-53f1-4103-97c1-808d370f3477",
  1394. "data": {
  1395. "name": "ISO8601_SECOND",
  1396. "pattern": "(?:%{SECOND}|60)"
  1397. },
  1398. "constraints": [
  1399. {
  1400. "type": "server-version",
  1401. "version": ">=4.0.5+d95b909"
  1402. }
  1403. ]
  1404. },
  1405. {
  1406. "v": "1",
  1407. "type": {
  1408. "name": "grok_pattern",
  1409. "version": "1"
  1410. },
  1411. "id": "d923db54-9d8c-4156-b4bd-9abf3fc0eb36",
  1412. "data": {
  1413. "name": "EMAILLOCALPART",
  1414. "pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+"
  1415. },
  1416. "constraints": [
  1417. {
  1418. "type": "server-version",
  1419. "version": ">=4.0.5+d95b909"
  1420. }
  1421. ]
  1422. },
  1423. {
  1424. "v": "1",
  1425. "type": {
  1426. "name": "grok_pattern",
  1427. "version": "1"
  1428. },
  1429. "id": "a4a81def-c227-4ed0-b957-27b5521080d2",
  1430. "data": {
  1431. "name": "URIPATH",
  1432. "pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+"
  1433. },
  1434. "constraints": [
  1435. {
  1436. "type": "server-version",
  1437. "version": ">=4.0.5+d95b909"
  1438. }
  1439. ]
  1440. },
  1441. {
  1442. "v": "1",
  1443. "type": {
  1444. "name": "grok_pattern",
  1445. "version": "1"
  1446. },
  1447. "id": "c46e2be4-5618-426c-add9-e639a43ddec7",
  1448. "data": {
  1449. "name": "NUMBER",
  1450. "pattern": "(?:%{BASE10NUM})"
  1451. },
  1452. "constraints": [
  1453. {
  1454. "type": "server-version",
  1455. "version": ">=4.0.5+d95b909"
  1456. }
  1457. ]
  1458. },
  1459. {
  1460. "v": "1",
  1461. "type": {
  1462. "name": "grok_pattern",
  1463. "version": "1"
  1464. },
  1465. "id": "47ccb32f-27b7-4e56-8b25-d053886e977b",
  1466. "data": {
  1467. "name": "SYSLOGPROG",
  1468. "pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?"
  1469. },
  1470. "constraints": [
  1471. {
  1472. "type": "server-version",
  1473. "version": ">=4.0.5+d95b909"
  1474. }
  1475. ]
  1476. },
  1477. {
  1478. "v": "1",
  1479. "type": {
  1480. "name": "grok_pattern",
  1481. "version": "1"
  1482. },
  1483. "id": "0439144b-5882-412d-9402-7b96a339a9c4",
  1484. "data": {
  1485. "name": "BASE16FLOAT",
  1486. "pattern": "\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b"
  1487. },
  1488. "constraints": [
  1489. {
  1490. "type": "server-version",
  1491. "version": ">=4.0.5+d95b909"
  1492. }
  1493. ]
  1494. },
  1495. {
  1496. "v": "1",
  1497. "type": {
  1498. "name": "grok_pattern",
  1499. "version": "1"
  1500. },
  1501. "id": "4305f22c-6497-4a29-8e3b-8fa5bb9071d8",
  1502. "data": {
  1503. "name": "DATE",
  1504. "pattern": "%{DATE_US}|%{DATE_EU}"
  1505. },
  1506. "constraints": [
  1507. {
  1508. "type": "server-version",
  1509. "version": ">=4.0.5+d95b909"
  1510. }
  1511. ]
  1512. },
  1513. {
  1514. "v": "1",
  1515. "type": {
  1516. "name": "grok_pattern",
  1517. "version": "1"
  1518. },
  1519. "id": "b95ed6d7-ebce-4480-bd07-7dab74acaf1c",
  1520. "data": {
  1521. "name": "TTY",
  1522. "pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))"
  1523. },
  1524. "constraints": [
  1525. {
  1526. "type": "server-version",
  1527. "version": ">=4.0.5+d95b909"
  1528. }
  1529. ]
  1530. },
  1531. {
  1532. "v": "1",
  1533. "type": {
  1534. "name": "grok_pattern",
  1535. "version": "1"
  1536. },
  1537. "id": "876c0e77-0dc7-4c84-9faa-4eecd4ad2461",
  1538. "data": {
  1539. "name": "TIME",
  1540. "pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])"
  1541. },
  1542. "constraints": [
  1543. {
  1544. "type": "server-version",
  1545. "version": ">=4.0.5+d95b909"
  1546. }
  1547. ]
  1548. },
  1549. {
  1550. "v": "1",
  1551. "type": {
  1552. "name": "grok_pattern",
  1553. "version": "1"
  1554. },
  1555. "id": "c12a7dff-d565-47c2-83c2-066f4ef1ecce",
  1556. "data": {
  1557. "name": "HOSTNAME",
  1558. "pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)"
  1559. },
  1560. "constraints": [
  1561. {
  1562. "type": "server-version",
  1563. "version": ">=4.0.5+d95b909"
  1564. }
  1565. ]
  1566. },
  1567. {
  1568. "v": "1",
  1569. "type": {
  1570. "name": "grok_pattern",
  1571. "version": "1"
  1572. },
  1573. "id": "24b268d0-7532-4e72-ac39-01328c8b37ae",
  1574. "data": {
  1575. "name": "IPORHOST",
  1576. "pattern": "(?:%{IP}|%{HOSTNAME})"
  1577. },
  1578. "constraints": [
  1579. {
  1580. "type": "server-version",
  1581. "version": ">=4.0.5+d95b909"
  1582. }
  1583. ]
  1584. },
  1585. {
  1586. "v": "1",
  1587. "type": {
  1588. "name": "grok_pattern",
  1589. "version": "1"
  1590. },
  1591. "id": "6cfc22e7-cf55-422f-804c-dc2784f2a174",
  1592. "data": {
  1593. "name": "IPV6",
  1594. "pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?"
  1595. },
  1596. "constraints": [
  1597. {
  1598. "type": "server-version",
  1599. "version": ">=4.0.5+d95b909"
  1600. }
  1601. ]
  1602. },
  1603. {
  1604. "v": "1",
  1605. "type": {
  1606. "name": "grok_pattern",
  1607. "version": "1"
  1608. },
  1609. "id": "33490e99-1310-44ea-9478-54d9701b95d0",
  1610. "data": {
  1611. "name": "MONTH",
  1612. "pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b"
  1613. },
  1614. "constraints": [
  1615. {
  1616. "type": "server-version",
  1617. "version": ">=4.0.5+d95b909"
  1618. }
  1619. ]
  1620. },
  1621. {
  1622. "v": "1",
  1623. "type": {
  1624. "name": "sidecar_collector",
  1625. "version": "1"
  1626. },
  1627. "id": "1870a97f-b5bb-4131-b6f9-fc3dee54610e",
  1628. "data": {
  1629. "name": {
  1630. "@type": "string",
  1631. "@value": "nxlog"
  1632. },
  1633. "service_type": {
  1634. "@type": "string",
  1635. "@value": "exec"
  1636. },
  1637. "node_operating_system": {
  1638. "@type": "string",
  1639. "@value": "linux"
  1640. },
  1641. "executable_path": {
  1642. "@type": "string",
  1643. "@value": "/usr/bin/nxlog"
  1644. },
  1645. "execute_parameters": {
  1646. "@type": "string",
  1647. "@value": "-f -c %s"
  1648. },
  1649. "validation_parameters": {
  1650. "@type": "string",
  1651. "@value": "-v -c %s"
  1652. },
  1653. "default_template": {
  1654. "@type": "string",
  1655. "@value": "define ROOT /usr/bin\n\n<Extension gelfExt>\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n</Extension>\n\n<Extension syslogExt>\n Module xm_syslog\n</Extension>\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n<Input file>\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n</Input>\n\n#<Input syslog-udp>\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#</Input>\n\n<Output gelf>\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t<Exec>\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t</Exec>\n</Output>\n\n\n<Route route-1>\n Path file => gelf\n</Route>\n#<Route route-2>\n# Path syslog-udp => gelf\n#</Route>\n\n\n"
  1656. }
  1657. },
  1658. "constraints": [
  1659. {
  1660. "type": "server-version",
  1661. "version": ">=4.0.5+d95b909"
  1662. }
  1663. ]
  1664. },
  1665. {
  1666. "v": "1",
  1667. "type": {
  1668. "name": "grok_pattern",
  1669. "version": "1"
  1670. },
  1671. "id": "d10a122f-7400-4b7f-ab53-da77e2f2680d",
  1672. "data": {
  1673. "name": "HOSTPORT",
  1674. "pattern": "%{IPORHOST}:%{POSINT}"
  1675. },
  1676. "constraints": [
  1677. {
  1678. "type": "server-version",
  1679. "version": ">=4.0.5+d95b909"
  1680. }
  1681. ]
  1682. },
  1683. {
  1684. "v": "1",
  1685. "type": {
  1686. "name": "grok_pattern",
  1687. "version": "1"
  1688. },
  1689. "id": "e2a64161-bddb-4cad-92b0-12aeff55a97d",
  1690. "data": {
  1691. "name": "COMMONMAC",
  1692. "pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"
  1693. },
  1694. "constraints": [
  1695. {
  1696. "type": "server-version",
  1697. "version": ">=4.0.5+d95b909"
  1698. }
  1699. ]
  1700. },
  1701. {
  1702. "v": "1",
  1703. "type": {
  1704. "name": "grok_pattern",
  1705. "version": "1"
  1706. },
  1707. "id": "64478ff4-a531-428f-8d58-c258d28e6534",
  1708. "data": {
  1709. "name": "URIHOST",
  1710. "pattern": "%{IPORHOST}(?::%{POSINT:port})?"
  1711. },
  1712. "constraints": [
  1713. {
  1714. "type": "server-version",
  1715. "version": ">=4.0.5+d95b909"
  1716. }
  1717. ]
  1718. },
  1719. {
  1720. "v": "1",
  1721. "type": {
  1722. "name": "grok_pattern",
  1723. "version": "1"
  1724. },
  1725. "id": "36dad036-c900-4447-a24c-9e02201014f5",
  1726. "data": {
  1727. "name": "DATESTAMP_EVENTLOG",
  1728. "pattern": "%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}"
  1729. },
  1730. "constraints": [
  1731. {
  1732. "type": "server-version",
  1733. "version": ">=4.0.5+d95b909"
  1734. }
  1735. ]
  1736. },
  1737. {
  1738. "v": "1",
  1739. "type": {
  1740. "name": "grok_pattern",
  1741. "version": "1"
  1742. },
  1743. "id": "a3edd0da-5f3e-483f-b84e-5e4e62efa061",
  1744. "data": {
  1745. "name": "MONTHDAY",
  1746. "pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])"
  1747. },
  1748. "constraints": [
  1749. {
  1750. "type": "server-version",
  1751. "version": ">=4.0.5+d95b909"
  1752. }
  1753. ]
  1754. },
  1755. {
  1756. "v": "1",
  1757. "type": {
  1758. "name": "grok_pattern",
  1759. "version": "1"
  1760. },
  1761. "id": "a30635e9-a888-42ab-9a3d-407392f2c95d",
  1762. "data": {
  1763. "name": "DAY",
  1764. "pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)"
  1765. },
  1766. "constraints": [
  1767. {
  1768. "type": "server-version",
  1769. "version": ">=4.0.5+d95b909"
  1770. }
  1771. ]
  1772. },
  1773. {
  1774. "v": "1",
  1775. "type": {
  1776. "name": "grok_pattern",
  1777. "version": "1"
  1778. },
  1779. "id": "d38921ef-5635-46bc-8e0e-07ade347b6e8",
  1780. "data": {
  1781. "name": "PROG",
  1782. "pattern": "[\\x21-\\x5a\\x5c\\x5e-\\x7e]+"
  1783. },
  1784. "constraints": [
  1785. {
  1786. "type": "server-version",
  1787. "version": ">=4.0.5+d95b909"
  1788. }
  1789. ]
  1790. },
  1791. {
  1792. "v": "1",
  1793. "type": {
  1794. "name": "grok_pattern",
  1795. "version": "1"
  1796. },
  1797. "id": "ad53591c-32d2-4c91-886e-39e31d4a80a9",
  1798. "data": {
  1799. "name": "WINDOWSMAC",
  1800. "pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})"
  1801. },
  1802. "constraints": [
  1803. {
  1804. "type": "server-version",
  1805. "version": ">=4.0.5+d95b909"
  1806. }
  1807. ]
  1808. },
  1809. {
  1810. "v": "1",
  1811. "type": {
  1812. "name": "grok_pattern",
  1813. "version": "1"
  1814. },
  1815. "id": "6c60a9cb-7098-4d13-8197-03551a64aab4",
  1816. "data": {
  1817. "name": "ISO8601_TIMEZONE",
  1818. "pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"
  1819. },
  1820. "constraints": [
  1821. {
  1822. "type": "server-version",
  1823. "version": ">=4.0.5+d95b909"
  1824. }
  1825. ]
  1826. },
  1827. {
  1828. "v": "1",
  1829. "type": {
  1830. "name": "grok_pattern",
  1831. "version": "1"
  1832. },
  1833. "id": "7fa32594-0c1c-452a-a909-5e714e5912b2",
  1834. "data": {
  1835. "name": "TZ",
  1836. "pattern": "(?:[PMCE][SD]T|UTC)"
  1837. },
  1838. "constraints": [
  1839. {
  1840. "type": "server-version",
  1841. "version": ">=4.0.5+d95b909"
  1842. }
  1843. ]
  1844. },
  1845. {
  1846. "v": "1",
  1847. "type": {
  1848. "name": "grok_pattern",
  1849. "version": "1"
  1850. },
  1851. "id": "b46b9b9d-433f-4e58-afb1-c110f6f4a0f2",
  1852. "data": {
  1853. "name": "EMAILADDRESS",
  1854. "pattern": "%{EMAILLOCALPART}@%{HOSTNAME}"
  1855. },
  1856. "constraints": [
  1857. {
  1858. "type": "server-version",
  1859. "version": ">=4.0.5+d95b909"
  1860. }
  1861. ]
  1862. },
  1863. {
  1864. "v": "1",
  1865. "type": {
  1866. "name": "grok_pattern",
  1867. "version": "1"
  1868. },
  1869. "id": "285fde1c-3afb-4138-bf2e-91b7ecdb0056",
  1870. "data": {
  1871. "name": "UUID",
  1872. "pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}"
  1873. },
  1874. "constraints": [
  1875. {
  1876. "type": "server-version",
  1877. "version": ">=4.0.5+d95b909"
  1878. }
  1879. ]
  1880. },
  1881. {
  1882. "v": "1",
  1883. "type": {
  1884. "name": "grok_pattern",
  1885. "version": "1"
  1886. },
  1887. "id": "d4edab73-7392-45a8-be01-ba1130455055",
  1888. "data": {
  1889. "name": "DATA",
  1890. "pattern": ".*?"
  1891. },
  1892. "constraints": [
  1893. {
  1894. "type": "server-version",
  1895. "version": ">=4.0.5+d95b909"
  1896. }
  1897. ]
  1898. },
  1899. {
  1900. "v": "1",
  1901. "type": {
  1902. "name": "grok_pattern",
  1903. "version": "1"
  1904. },
  1905. "id": "8e1db82b-161e-4f09-9fdc-bb3f42dafbd8",
  1906. "data": {
  1907. "name": "HTTPDERROR_DATE",
  1908. "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
  1909. },
  1910. "constraints": [
  1911. {
  1912. "type": "server-version",
  1913. "version": ">=4.0.5+d95b909"
  1914. }
  1915. ]
  1916. },
  1917. {
  1918. "v": "1",
  1919. "type": {
  1920. "name": "grok_pattern",
  1921. "version": "1"
  1922. },
  1923. "id": "091038b0-d328-4eea-a20a-6dd638c07b52",
  1924. "data": {
  1925. "name": "MAC",
  1926. "pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})"
  1927. },
  1928. "constraints": [
  1929. {
  1930. "type": "server-version",
  1931. "version": ">=4.0.5+d95b909"
  1932. }
  1933. ]
  1934. },
  1935. {
  1936. "v": "1",
  1937. "type": {
  1938. "name": "grok_pattern",
  1939. "version": "1"
  1940. },
  1941. "id": "e8c5f48b-5f11-4a88-920c-2517a0b75c24",
  1942. "data": {
  1943. "name": "TIMESTAMP_ISO8601",
  1944. "pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?"
  1945. },
  1946. "constraints": [
  1947. {
  1948. "type": "server-version",
  1949. "version": ">=4.0.5+d95b909"
  1950. }
  1951. ]
  1952. },
  1953. {
  1954. "v": "1",
  1955. "type": {
  1956. "name": "grok_pattern",
  1957. "version": "1"
  1958. },
  1959. "id": "640e251f-bf9e-4fea-abbc-49c933d3f8f4",
  1960. "data": {
  1961. "name": "SYSLOGFACILITY",
  1962. "pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>"
  1963. },
  1964. "constraints": [
  1965. {
  1966. "type": "server-version",
  1967. "version": ">=4.0.5+d95b909"
  1968. }
  1969. ]
  1970. },
  1971. {
  1972. "v": "1",
  1973. "type": {
  1974. "name": "grok_pattern",
  1975. "version": "1"
  1976. },
  1977. "id": "9f56b9b6-a7c7-4caa-be72-68571a917d52",
  1978. "data": {
  1979. "name": "NOTSPACE",
  1980. "pattern": "\\S+"
  1981. },
  1982. "constraints": [
  1983. {
  1984. "type": "server-version",
  1985. "version": ">=4.0.5+d95b909"
  1986. }
  1987. ]
  1988. }
  1989. ]
  1990. }