summaryrefslogtreecommitdiffstats
path: root/extra/docker/elk/logstash-conf
diff options
context:
space:
mode:
authorac2550 <ac2550@intl.att.com>2018-03-20 12:35:48 +0100
committerac2550 <ac2550@intl.att.com>2018-03-20 13:13:38 +0100
commit5082fd7ed2037dfdb9c37ae60b77bc3165262663 (patch)
tree2c78b8ff995d15b245b878bdde187a70bad016e5 /extra/docker/elk/logstash-conf
parent3dc5f2a4a5c066a57ef0ce346be884b045ae73c9 (diff)
Adding CLAMP Dashboard
Change-Id: I0496fa7303dbeaf72b00e4382f71bdb0069abb9a Issue-ID: CLAMP-77 Signed-off-by: ac2550 <ac2550@intl.att.com>
Diffstat (limited to 'extra/docker/elk/logstash-conf')
-rw-r--r--extra/docker/elk/logstash-conf/logstash.conf99
1 files changed, 99 insertions, 0 deletions
diff --git a/extra/docker/elk/logstash-conf/logstash.conf b/extra/docker/elk/logstash-conf/logstash.conf
new file mode 100644
index 000000000..2b5a24e04
--- /dev/null
+++ b/extra/docker/elk/logstash-conf/logstash.conf
@@ -0,0 +1,99 @@
+input {
+ http_poller {
+ urls => {
+ event_queue => {
+ method => get
+ url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
+ headers => {
+ Accept => "application/json"
+ }
+ add_field => { "topic" => "${event_topic}" }
+ }
+ notification_queue => {
+ method => get
+ url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
+ headers => {
+ Accept => "application/json"
+ }
+ add_field => { "topic" => "${notification_topic}" }
+ }
+ request_queue => {
+ method => get
+ url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
+ headers => {
+ Accept => "application/json"
+ }
+ add_field => { "topic" => "${request_topic}" }
+ }
+ }
+ socket_timeout => 30
+ request_timeout => 30
+ interval => 15
+ codec => "plain"
+ }
+}
+
+filter {
+ # avoid noise if no entry in the list
+ if [message] == "[]" {
+ drop { }
+ }
+
+ # parse json, split the list into multiple events, and parse each event
+ json {
+ source => "[message]"
+ target => "message"
+ }
+ split {
+ field => "message"
+ }
+ json {
+ source => "message"
+ }
+ mutate { remove_field => [ "message" ] }
+ # express timestamps in milliseconds instead of microseconds
+ ruby {
+ code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')))"
+ }
+ date {
+ match => [ "closedLoopAlarmStart", UNIX_MS ]
+ target => "closedLoopAlarmStart"
+ }
+
+ if [closedLoopAlarmEnd] {
+ ruby {
+ code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')))"
+ }
+ date {
+ match => [ "closedLoopAlarmEnd", UNIX_MS ]
+ target => "closedLoopAlarmEnd"
+ }
+
+ }
+ #"yyyy-MM-dd HH:mm:ss"
+ if [notificationTime] {
+ mutate {
+ gsub => [
+ "notificationTime", " ", "T"
+ ]
+ }
+ date {
+ match => [ "notificationTime", ISO8601 ]
+ target => "notificationTime"
+ }
+ }
+}
+output {
+ stdout {
+ codec => rubydebug
+ }
+
+ elasticsearch {
+ codec => "json"
+ hosts => [elasticsearch]
+ index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes
+ doc_as_upsert => true
+
+ }
+
+}