input { file { path => [ "/opt/perfdata-out.log" ] start_position =

1. input {
2.   file {
3.     path => [ "/opt/perfdata-out.log" ]
4.     start_position => "beginning"
5.   }
6. }
7.  
8. filter {
9.     if "Open sockets" in [message] {
10.         grok {
11.             patterns_dir => ["/etc/logstash/patterns"]
12.             match => [ "message", "%{PERFDATATIME}%{PERFDATA_HOST}%{PERFDATA_SERVICE}%{PERFDATA_STATE}(?:used=%{PERFDATA_MATRIX3:socket_used}\s\w+=%{NUMBER:socket_tcp}\s\w+=%{NUMBER:socket_udp}\s\w+=%{NUMBER:socket_raw}|)" ]
13.             remove_field => [ "message", "host", "path" ]
14.         }
15.         date{
16.             match => [ "nagios_epoch", "UNIX_MS" ]
17.         }
18.         mutate {            
19.             split => { "socket_used" => ";" }
20.         }
21.     }
22.     else if "HDD I/O" in [message] {
23.         grok {
24.             patterns_dir => ["/etc/logstash/patterns"]
25.             match => [ "message", "%{PERFDATATIME}%{PERFDATA_HOST}%{PERFDATA_SERVICE}%{PERFDATA_STATE}(?:sda_read=%{PERFDATA_MATRIX3:sda_read}\ssda_write=%{PERFDATA_MATRIX3:sda_write}|)" ]
26.             remove_field => [ "message", "host", "path" ]
27.         }
28.         date{
29.             match => [ "nagios_epoch", "UNIX_MS" ]
30.         }
31.         mutate {            
32.             split => { "sda_read" => ";"
33.                     "sda_write" => ";"
34.                     }
35.         }
36.     }
37.     else if "CPU usage" in [message] {
38.         grok {
39.             patterns_dir => ["/etc/logstash/patterns"]
40.             match => [ "message", "%{PERFDATATIME}%{PERFDATA_HOST}%{PERFDATA_SERVICE}%{PERFDATA_STATE}(?:idle=%{PERFDATA_MATRIX3:cpu_idle}\suser=%{NUMBER:cpu_user}(.?)\ssystem=%{NUMBER:cpu_system}(.?)\siowait=%{NUMBER:cpu_iowait}(.?)\ssteal=%{NUMBER:cpu_steal}(.?)|)" ]
41.             remove_field => [ "message", "host", "path" ]
42.         }
43.         date{
44.             match => [ "nagios_epoch", "UNIX_MS" ]
45.         }
46.         mutate {            
47.             gsub => ["cpu_idle", "%", ""]
48.             split => { "cpu_idle" => ";" }
49.         }
50.     }
51.     else {
52.        
53.         grok {
54.             patterns_dir => ["/etc/logstash/patterns"]
55.             match => [ "message", "%{PERFDATATIME}%{PERFDATA_HOST}%{PERFDATA_SERVICE}%{PERFDATA_STATE}%{GREEDYDATA:parameters}" ]
56.             remove_field => [ "message", "host", "path" ]
57.         }
58.         date{
59.             match => [ "nagios_epoch", "UNIX_MS" ]
60.         }
61.         mutate {
62.             split => { "parameters" => " " }
63.         }
64.     }
65. }
66.  
67. output {
68.     stdout {
69.             codec => rubydebug
70.       }
71.     file {
72.         flush_interval => 2
73.         create_if_deleted  => true
74.         codec => line { format => "%{nagios_epoch} Hostname:%{hostname} Type:%{nagios_service} Status:%{nagios_state} %{nagios_statelevel}" }
75.         path => [ "/opt/perfdata-sort.log" ]
76.          }
77. }