logstash.conf

input {
	lumberjack {
		port => 8999
		ssl_certificate => "/logstash-forwarder.crt"  # ssl 인증 파일 ( logstash-forwarder 에도 동일한 파일로 )
		ssl_key => "/logstash-forwarder.key" # ssl 인증 파일 ( logstash-forwarder 에도 동일한 파일로 )
	}
}

filter{
     if [type] == "log" {
          # 로그 패턴 정의, TIMESTAMP_ISO8601 변수는 logstash 자체 변수임, GREEDYDATA 변수는 아무렇게나 적절히 파싱.. 생각보다 잘됨
          grok {
               match => [ "message", "%{TIMESTAMP_ISO8601:TIME}\t\[%{WORD:LEVEL}\]\t%{GREEDYDATA:LOG}\t%{GREEDYDATA:FILE}" ]
          }
          date{
               match => ["TIME", "YYYY-MM-dd HH:mm:ss.SSS" ]
               target => "@timestamp"
	       timezone => "Asia/Seoul"
          }
          mutate {
               remove_field => [ "TIME" ]
          }
          if "_grokparsefailure" in [tags] { drop {} }
     }
     if [type] == "pool-info"{
          grok {
               match => [ "message", "%{TIMESTAMP_ISO8601:TIME}\t\[%{WORD:POOL_NAME}\]\s+%{NUMBER:USE}"  ]
          }
          mutate {
               convert => { "USE" => "integer" }
          }
          date{
               match => ["TIME", "YYYY-MM-dd HH:mm:ss.SSS" ]
               target => "@timestamp"
	       timezone => "Asia/Seoul"
          }
          mutate {
               remove_field => [ "TIME" ]
          }

          if "_grokparsefailure" in [tags] { drop {} }
     }
     if [type] == "stat-info"{
          grok {
               match => [ "message", "\[(?\d{4}-\d{2}-\d{2} \d{2}-\d{2}-\d{2})\] Account\[%{GREEDYDATA}\] Game\[%{GREEDYDATA}\] Community\[%{GREEDYDATA}\] Login\[%{GREEDYDATA:LOGIN_COUNT}\] Logout\[%{GREEDYDATA:LOGOUT_COUNT}\] SockCount\[%{GREEDYDATA:SOCK_COUNT}\] PacketCount\[%{GREEDYDATA:PACKET_COUNT}\]"   ]
          }
          mutate {
               convert => { "LOGIN_COUNT" => "integer" }
               convert => { "LOGOUT_COUNT" => "integer" }
               convert => { "SOCK_COUNT" => "integer" }
               convert => { "PACKET_COUNT" => "integer" }
          }
          date{
               match => ["TIME", "YYYY-MM-dd HH-mm-ss"]
               target => "@timestamp"
	       timezone => "Asia/Seoul"
          }
          mutate {
               remove_field => [ "TIME" ]
          }

          if "_grokparsefailure" in [tags] { drop {} }
     }
}

output {

    #stdout {}
     #stdout { codec => rubydebug }

     if [type] == "log" {
          elasticsearch {
               index => "logstash-log-%{+YYYY.MM}"
               host => "log.nexusgames.co.kr"
               port=> "9200"
               protocol=>"http"
          }
     }

     if [type] == "pool-info" {
          elasticsearch {
               index => "logstash-stat-%{+YYYY.MM}"
               host => "log.nexusgames.co.kr"
               port=> "9200"
               protocol=>"http"
          }
     }

     if [type] == "stat-info" {
          elasticsearch {
               index => "logstash-stat-%{+YYYY.MM}"
               host => "log.nexusgames.co.kr"
               port=> "9200"
               protocol=>"http"
          }
     }
}