logstash-filters/indexer.conf.erb

input {
  tcp {
    host => "localhost"
    port => 9999
    format => "json"
    message_format => "%{event_message}"
    type => "jenkins"
  }
}

# You can check grok patterns at http://grokdebug.herokuapp.com/
filter {
  grep {
    type => "jenkins"
    tags => ["console.html"]
    # Drop matches.
    negate => true
    match => ["@message", "^</?pre>$"]
  }
  multiline {
    type => "jenkins"
    tags => ["console.html"]
    negate => true
    pattern => "^%{DATESTAMP} \|"
    what => "previous"
  }
  grok {
    type => "jenkins"
    tags => ["console.html"]
    pattern => [ "^%{DATESTAMP:logdate} \| %{GREEDYDATA:logmessage}" ]
    add_field => [ "received_at", "%{@timestamp}" ]
  }
  date {
    type => "jenkins"
    exclude_tags => "_grokparsefailure"
    match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS" ]
  }
  mutate {
    type => "jenkins"
    exclude_tags => "_grokparsefailure"
    replace => [ "@message", "%{logmessage}" ]
  }
  mutate {
    type => "jenkins"
    exclude_tags => "_grokparsefailure"
    remove => [ "logdate", "logmessage" ]
  }
}

output {
  elasticsearch {
    host => "127.0.0.1"
  }
}