mirror of
https://github.com/Febbweiss/docker-log-centralizer.git
synced 2026-03-04 14:25:35 +00:00
134 lines
3.1 KiB
Plaintext
134 lines
3.1 KiB
Plaintext
input {
|
|
kafka {
|
|
codec => json{}
|
|
bootstrap_servers => "kafka:9092"
|
|
topics => ["random", "apache", "random-forwarder", "apache-forwarder"]
|
|
client_id => "logstash_indexer_1"
|
|
}
|
|
}
|
|
|
|
filter {
|
|
if [type] == "nginx-access" {
|
|
grok {
|
|
match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
|
|
overwrite => [ "message" ]
|
|
}
|
|
mutate {
|
|
convert => ["response", "integer"]
|
|
convert => ["bytes", "integer"]
|
|
convert => ["responsetime", "float"]
|
|
}
|
|
geoip {
|
|
source => "clientip"
|
|
target => "geoip"
|
|
add_tag => [ "nginx-geoip" ]
|
|
}
|
|
date {
|
|
match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
|
|
remove_field => [ "timestamp" ]
|
|
}
|
|
useragent {
|
|
source => "agent"
|
|
}
|
|
}
|
|
if [type] == "random" {
|
|
grok {
|
|
match => [ "message" , "(?<timestamp>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) %{NUMBER:pid} %{GREEDYDATA:filename} %{NUMBER:line} %{GREEDYDATA:logger} %{LOGLEVEL:severity} %{GREEDYDATA:quote}"]
|
|
overwrite => [ "message" ]
|
|
}
|
|
date {
|
|
match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
|
|
remove_field => [ "timestamp" ]
|
|
}
|
|
}
|
|
if [type] == "apache" {
|
|
grok {
|
|
match => [ "message" , "%{COMBINEDAPACHELOG}"]
|
|
overwrite => [ "message" ]
|
|
}
|
|
mutate {
|
|
convert => ["response", "integer"]
|
|
convert => ["bytes", "integer"]
|
|
convert => ["responsetime", "float"]
|
|
}
|
|
geoip {
|
|
source => "clientip"
|
|
target => "geoip"
|
|
add_tag => [ "apache-geoip" ]
|
|
}
|
|
date {
|
|
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
|
|
remove_field => [ "timestamp" ]
|
|
}
|
|
}
|
|
if [type] == "random-forwarder" {
|
|
grok {
|
|
match => [ "message" , "(?<timestamp>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) %{NUMBER:pid} %{GREEDYDATA:filename} %{NUMBER:line} %{GREEDYDATA:logger} %{LOGLEVEL:severity} %{GREEDYDATA:quote}"]
|
|
overwrite => [ "message" ]
|
|
}
|
|
date {
|
|
match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
|
|
remove_field => [ "timestamp" ]
|
|
}
|
|
}
|
|
if [type] == "apache-forwarder" {
|
|
grok {
|
|
match => [ "message" , "%{COMBINEDAPACHELOG}"]
|
|
overwrite => [ "message" ]
|
|
}
|
|
mutate {
|
|
convert => ["response", "integer"]
|
|
convert => ["bytes", "integer"]
|
|
convert => ["responsetime", "float"]
|
|
}
|
|
geoip {
|
|
source => "clientip"
|
|
target => "geoip"
|
|
add_tag => [ "apache-geoip" ]
|
|
}
|
|
date {
|
|
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
|
|
remove_field => [ "timestamp" ]
|
|
}
|
|
}
|
|
}
|
|
|
|
output {
|
|
if [type] == "nginx-access" {
|
|
elasticsearch {
|
|
hosts => ["elasticsearch:9200"]
|
|
index => "nginx-%{+YYYYMM}"
|
|
}
|
|
}
|
|
if [type] == "random" {
|
|
elasticsearch {
|
|
hosts => ["elasticsearch:9200"]
|
|
index => "random-%{+YYYYMM}"
|
|
}
|
|
}
|
|
if [type] == "apache" {
|
|
elasticsearch {
|
|
hosts => ["elasticsearch:9200"]
|
|
index => "apache-%{+YYYYMM}"
|
|
}
|
|
}
|
|
if [type] == "random-forwarder" {
|
|
elasticsearch {
|
|
hosts => ["elasticsearch:9200"]
|
|
index => "randomforwarder-%{+YYYYMM}"
|
|
}
|
|
stdout {
|
|
codec => rubydebug
|
|
}
|
|
}
|
|
if [type] == "apache-forwarder" {
|
|
elasticsearch {
|
|
hosts => ["elasticsearch:9200"]
|
|
index => "apacheforwarder-%{+YYYYMM}"
|
|
}
|
|
stdout {
|
|
codec => rubydebug
|
|
}
|
|
}
|
|
}
|