logstash-gw.conf logstash-index.conf
[elk@Vsftp gw]$ cat logstash-gw.conf
# Read the gateway application logs from disk and tag every event so the
# output stage can route it.
input {
  file {
    # Glob: every file under /data01/gw whose name starts with "gw-app".
    path => ["/data01/gw/gw-app*"]
    # Routing tag; the output section tests [type] against this exact value.
    type => "gw-app-iis"
    # Lines are decoded as ISO-8859-1 (Latin-1) by the plain codec.
    codec => plain {
      charset => "ISO-8859-1"
    }
  }
}
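# Parse each log line into structured fields. The three patterns are tried in
# order, from most to least specific; the last one is a fallback that keeps
# only the timestamp, first address, verb and request.
#
# Fix: the regex escapes had lost their backslashes ("s+" / "S+" instead of
# "\s+" / "\S+"). Without them the patterns require literal "s"/"S" characters
# between fields and cannot match whitespace-separated log lines.
filter {
  grok {
    # Hash form with a pattern list: same first-match-wins order as before.
    match => {
      "message" => [
        # time, clientip, verb, request, "-", port, "-", sourceip, user agent
        "\s*(?<time>([0-9]{4}-[0-9]{2}-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+-\s+(?<port>([0-9]{2}.*?))\s+-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*",
        # Same layout, but with a non-empty token (captured as "src") after the request.
        "\s*(?<time>([0-9]{4}-[0-9]{2}-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+(?<src>(\S+).*?)\s+(?<port>([0-9]{2}.*?))\s+-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*",
        # Fallback: only the leading four fields; the rest of the line is ignored.
        "\s*(?<time>([0-9]{4}-[0-9]{2}-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}.*"
      ]
    }
    # NOTE(review): http_user_agent is "(\S+\s+).*?" followed by ".*", so the
    # lazy part matches nothing and the field holds only the first token of the
    # user agent plus trailing whitespace. Confirm that is intended before
    # relying on this field for detection rules.
    # NOTE(review): lines that match none of the patterns are not parsed; with
    # grok's default failure tagging they carry "_grokparsefailure". Track that
    # tag downstream so malformed or unexpected request lines are not lost.
  }
}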
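# Ship parsed gateway events to a Redis list that acts as the broker for the
# indexing tier.
output {
  if [type] == "gw-app-iis" {
    redis {
      host => "192.168.11.185"
      # Port is a number; the original passed it as the string "6379".
      port => 6379
      # Events are pushed onto the list named by "key".
      data_type => "list"
      key => "gw-app-iis:redis"
      # The Redis password was hard-coded here as a short numeric string, so
      # anyone who can read this file (or a paste of it) could read and write
      # the queue. It is now resolved at startup from the Logstash keystore or
      # the environment: define REDIS_PASSWORD there before starting Logstash,
      # and rotate the old value, since it has already been exposed.
      password => "${REDIS_PASSWORD}"
      # NOTE(review): the connection is plain TCP, so the password and the log
      # events cross the network unencrypted. Restrict access to the Redis port
      # to the shipper and indexer hosts, and add TLS (plugin-level if the
      # installed version supports it, otherwise a tunnel).
    }
  }
}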