Febbweiss/docker-log-centralizer
1
0
Fork 0
mirror of https://github.com/Febbweiss/docker-log-centralizer.git synced 2026-03-04 14:25:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e0b11ef1a2dcbab24dc277186bebd56ae6513d8b
docker-log-centralizer/logstash/indexer/pipeline/kafka_elasticsearch.conf
ECAILLE Fabrice (externe) e0b11ef1a2 Initial commit - Fully working architecture
2017-03-17 12:34:00 +01:00

95 lines
2.1 KiB
Plaintext
Raw Blame History

input {
kafka {
codec => json{}
bootstrap_servers => "kafka:9092"
topics => ["nginx-access", "random", "apache"]
client_id => "logstash_indexer_1"
}
}
filter {
if [type] == "nginx-access" {
grok {
match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
overwrite => [ "message" ]
}
mutate {
convert => ["response", "integer"]
convert => ["bytes", "integer"]
convert => ["responsetime", "float"]
}
geoip {
source => "clientip"
target => "geoip"
add_tag => [ "nginx-geoip" ]
}
date {
match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
remove_field => [ "timestamp" ]
}
useragent {
source => "agent"
}
}
if [type] == "random" {
grok {
match => [ "message" , "(?<timestamp>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME}) %{NUMBER:pid} %{GREEDYDATA:filename} %{NUMBER:line} %{GREEDYDATA:logger} %{LOGLEVEL:severity} %{GREEDYDATA:quote}"]
overwrite => [ "message" ]
}
date {
match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
remove_field => [ "timestamp" ]
}
}
if [type] == "apache" {
grok {
match => [ "message" , "%{COMBINEDAPACHELOG}"]
overwrite => [ "message" ]
}
mutate {
convert => ["response", "integer"]
convert => ["bytes", "integer"]
convert => ["responsetime", "float"]
}
geoip {
source => "clientip"
target => "geoip"
add_tag => [ "apache-geoip" ]
}
date {
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
remove_field => [ "timestamp" ]
}
}
}
output {
if [type] == "nginx-access" {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "nginx-%{+YYYYMM}"
}
stdout {
codec => rubydebug
}
}
if [type] == "random" {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "random-%{+YYYYMM}"
}
stdout {
codec => rubydebug
}
}
if [type] == "apache" {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "apache-%{+YYYYMM}"
}
stdout {
codec => rubydebug
}
}
}
Reference in New Issue View Git Blame Copy Permalink