Syslog hostname to allow underscores

elkserver/logstash/conf.d/20-redir-haproxy.conf

@@ -46,7 +46,7 @@ filter {
 
     # Let's first trim the syslog info from the log line
     grok {
-      match => { "message" => ["%{SYSLOGTIMESTAMP:syslogtimestamp} %{SYSLOGHOST:sysloghostname} %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\])?: %{GREEDYDATA:messagenosyslog}"] }
+      match => { "message" => ["%{SYSLOGTIMESTAMP:syslogtimestamp} %{NOTSPACE:sysloghostname} %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\])?: %{GREEDYDATA:messagenosyslog}"] }
     }
 
 

elkserver/logstash/conf.d/30-redir-apache.conf

@@ -16,7 +16,7 @@ filter {
 
      # Let's first trim the syslog-like info from the log line
     grok {
-      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{SYSLOGHOST:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
+      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{NOTSPACE:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
     }
 
     # now matching the real Apache log lines. We have several log line formats we need to match:

elkserver/logstash/conf.d/40-redir-nginx.conf

@@ -16,7 +16,7 @@ filter {
 
      # Let's first trim the syslog-like info from the log line
     grok {
-      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{SYSLOGHOST:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
+      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{NOTSPACE:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
     }
 
     # now matching the real Apache log lines. We have several log line formats we need to match: