sFlow Logstash Config (Dylan)

1. #INPUT SECTION
2. # // not sure how this will behave with different numbers of NICs need to test //
3.  
4. input {
5.     file {
6.      type  => "hsflowd"
7.      path => ["/home/ubuntu/hsflow.streamed"]
8.  
9. }}
10.  
11. #
12. # FILTER SECTION
13. #
14.  
15. filter {
16.  
17.   multiline {
18.   type => "hsflowd"
19.   pattern => "endDatagram   ================================="
20.   negate => true
21.   what => "previous"
22. }}
23.  
24. filter {
25.  
26.   grok {
27.   type => "hsflowd"
28.   patterns_dir => "/home/ubuntu/ls-config-examples/grok_pat"
29.   pattern => "%{DATA}%{SPACE}%{IP:datagramSourceIP}%{SPACE}%{DATA}%{SPACE}%{NUMBER:datagramSize}%{SPACE}%{DATA}%{SPACE}%{NUMBER:unixSecondsUTC}%{SPACE}%{DATA}%{SPACE}%{NUMBER:datagramVersion}%{SPACE}%{D
30. ATA}%{SPACE}%{NUMBER:agentSubID}%{SPACE}%{DATA}%{SPACE}%{IP:agent}%{SPACE}%{DATA}%{SPACE}%{NUMBER:packetSequenceNo}%{SPACE}%{DATA}%{SPACE}%{NUMBER:sysUpTime}%{SPACE}%{DATA}%{SPACE}%{NUMBER:samplesInPack
31. et}%{SPACE}%{WORD}%{SPACE}----------------------%{SPACE}%{DATA}sampleType_tag%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}%{WORD}%{SPACE}%{WORD:sampleType}%{SPACE}%{WORD}%{SPACE}%{NUMBER:sampleSequenceNo}%{SPACE}
32. %{DATA}%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER:ifIndex}%{SPACE}%{DATA}%{SPACE}%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER}%{SPACE}%{DATA}%{SPACE
33. }%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{DATA}%{SPACE}%{DATA}%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskTotal}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskFree}%{SPA
34. CE}%{DATA}%{SPACE}%{NUMBER:diskPartMaxUsed}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskReads}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskBytesRead}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskReadTime}%{SPACE}%{DATA}%{SPACE}%{N
35. UMBER:diskWrites}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskBytesWritten}%{SPACE}%{DATA}%{SPACE}%{NUMBER:diskWriteTime}%{SPACE}%{DATA}%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER:memTotal}%{SPACE
36. }%{DATA}%{SPACE}%{NUMBER:memFree}%{SPACE}%{DATA}%{SPACE}%{NUMBER:memShared}%{SPACE}%{DATA}%{SPACE}%{NUMBER:memBuffers}%{SPACE}%{DATA}%{SPACE}%{NUMBER:memCached}%{SPACE}%{DATA}%{SPACE}%{NUMBER:swapTotal}
37. %{SPACE}%{DATA}%{SPACE}%{NUMBER:swapFree}%{SPACE}%{DATA}%{SPACE}%{NUMBER:pageIn}%{SPACE}%{DATA}%{SPACE}%{NUMBER:pageOut}%{SPACE}%{DATA}%{SPACE}%{NUMBER:swapIn}%{SPACE}%{DATA}%{SPACE}%{NUMBER:swapOut}%{S
38. PACE}%{DATA}%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuLoadOne}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuLoadFive}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuLoadFifteen}%{SPACE}%{DATA}%{SPACE}%{NUMB
39. ER:cpuProcRun}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuProcTotal}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuNumber}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuSpeed}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuUptime}%{SPACE}%{DATA}%{S
40. PACE}%{NUMBER:cpuUser}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuNice}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuSystem}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuIdle}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuWio}%{SPACE}%{DATA}%{SP
41. ACE}%{NUMBER:cpuIntr}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuSintr}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuInterrupts}%{SPACE}%{DATA}%{SPACE}%{NUMBER:cpuContexts}%{SPACE}%{DATA}%{SPACE}%{NUMBER}:%{NUMBER}%{SPACE}
42. %{DATA}%{SPACE}%{NUMBER:nioBytesIn}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nioPacketsIn}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nioErrorsIn}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nioDropsIn}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nio
43. BytesOut}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nioPacketsOut}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nioErrorsOut}%{SPACE}%{DATA}%{SPACE}%{NUMBER:nioDropsOut}%{GREEDYDATA}"
44.  
45.  
46. }}
47.  
48. filter {
49.   mutate {
50.  
51.     convert => [ "nioBytesIn", "integer" ]
52.     convert => [ "nioBytesOut", "integer" ]
53.  
54. }}
55.  
56.  
57. output {
58.  
59.  
60. elasticsearch {
61.  
62.     bind_host => "0.0.0.0"
63. }}
64.  
65.  
66. #stdout {
67. # For debug to console purposes only
68. #    debug => true debug_format => "json"
69. #}