aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
diff options
context:
space:
mode:
authorosgn422w <gn422w@intl.att.com>2018-09-06 15:33:50 +0200
committerosgn422w <gn422w@intl.att.com>2018-09-06 15:35:23 +0200
commit7bc14faaa8e542f2f9533b0f0543b5bef45c7819 (patch)
tree9705f4797da3226f20e7c8a091501a20bee5ab20 /kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
parentfd6f03148fbe2a94a6547aec64a6b5ab51ec55a5 (diff)
improve logstash parsing
improve parsing of timestamp epoch and micro Issue-ID: CLAMP-218 Change-Id: If87ba818caaba783ef667e149c4c0824daa7dc2c Signed-off-by: osgn422w <gn422w@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf')
-rw-r--r--kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf56
1 files changed, 39 insertions, 17 deletions
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
index 5d92de637b..f88e40da14 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
@@ -21,6 +21,7 @@ input {
Accept => "application/json"
}
add_field => { "topic" => "${event_topic}" }
+ type => "dmaap_event"
}
notification_queue => {
method => get
@@ -29,6 +30,7 @@ input {
Accept => "application/json"
}
add_field => { "topic" => "${notification_topic}" }
+ type => "dmaap_notification"
}
request_queue => {
method => get
@@ -37,6 +39,7 @@ input {
Accept => "application/json"
}
add_field => { "topic" => "${request_topic}" }
+ type => "dmaap_request"
}
}
socket_timeout => 30
@@ -47,26 +50,39 @@ input {
}
filter {
- # avoid noise if no entry in the list
- if [message] == "[]" {
- drop { }
- }
+ if [type] != "dmaap_log" {
+ # avoid noise if no entry in the list
+ if [message] == "[]" {
+ drop { }
+ }
- # parse json, split the list into multiple events, and parse each event
- json {
- source => "[message]"
- target => "message"
- }
- split {
- field => "message"
- }
- json {
- source => "message"
+ # parse json, split the list into multiple events, and parse each event
+ json {
+ source => "[message]"
+ target => "message"
+ }
+ split {
+ field => "message"
+ add_field => {
+ "type" => "%{type}"
+ "topic" => "%{topic}"
+ }
+ }
+ json {
+ source => "message"
+ }
+ mutate { remove_field => [ "message" ] }
}
- mutate { remove_field => [ "message" ] }
+
# express timestamps in milliseconds instead of microseconds
ruby {
- code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')))"
+ code => "
+ if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
+ event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
+ else
+ event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
+ end
+ "
}
date {
match => [ "closedLoopAlarmStart", UNIX_MS ]
@@ -75,7 +91,13 @@ filter {
if [closedLoopAlarmEnd] {
ruby {
- code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')))"
+ code => "
+ if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
+ event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
+ else
+ event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
+ end
+ "
}
date {
match => [ "closedLoopAlarmEnd", UNIX_MS ]