From 3778903fb7c39772beed4be2993b70fa4f348de6 Mon Sep 17 00:00:00 2001
From: "samuel.bufe" <samuel.bufe@publicispixelpark.de>
Date: Mon, 29 Feb 2016 11:38:49 +0100
Subject: [PATCH] =?utf8?q?grok=20filter=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 customer/docmorris/prd-app02-fact.pixelpark.net.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/customer/docmorris/prd-app02-fact.pixelpark.net.yaml b/customer/docmorris/prd-app02-fact.pixelpark.net.yaml
index eb0ea244..1e6e108c 100644
--- a/customer/docmorris/prd-app02-fact.pixelpark.net.yaml
+++ b/customer/docmorris/prd-app02-fact.pixelpark.net.yaml
@@ -8,6 +8,7 @@ accounts::users:
     apply: true
     sudo: true
 
+logstash::drop_grokparsefailure: false
 logstash::generic_resource:
   docmorris_factfinder01:
     resource: file
@@ -29,3 +30,11 @@ logstash::generic_resource:
         - "docmorris-ff7"
         - "%{customer}"
         - "%{environment}"
+  ff_filter:
+    resource: grok
+    order: 40
+    condition: "if [type] == 'tomcat'"
+    parameters:
+      match:
+       - "message"
+       - '%{IP:ip}%{SPACE}\[%{HTTPDATE:logdate}%{DATA}"%{DATA:request}"%{DATA}%{NUMBER:status}%{DATA}%{NUMBER:length} %{DATA}%{NUMBER:time}'
\ No newline at end of file
-- 
2.39.5