API tools faq
paste
Guest User

Untitled

a guest
Oct 18th, 2018
105
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 22.97 KB | None | 0 0
raw download clone embed print report
  1. input {
  2. tcp { port => 5514 }
  3. }
  4. filter {
  5. json { source => "message" }
  6. if [check][status] == "0" {
  7. mutate {
  8. add_tag => "state-ok"
  9. }
  10. }
  11. else if [check][status] == "1" {
  12. mutate {
  13. add_tag => "state-warning"
  14. }
  15. }
  16. else if [check][status] == "2" {
  17. mutate {
  18. add_tag => "state-critical"
  19. }
  20. }
  21. mutate {
  22. gsub => ["[check][name]","_GOTMDEV","",
  23. "[check][name]","_GOTMMLE",""]
  24. add_field => {
  25. "name" => "%{[check][name]}"
  26. "clientName" => "%{[client][name]}"
  27. "clientAddress" => "%{[client][address]}"
  28. "checkCommand" => "%{[check][command]}"
  29. "checkDuration" => "%{[check][duration]}"
  30. "checkInterval" => "%{[check][interval]}"
  31. "checkPayloadType" => "%{[check][payload-type]}"
  32. "checkStatus" => "%{[check][status]}"
  33. }
  34. }
  35. if [check][name] == "keepalive" {
  36. mutate {
  37. add_field => {
  38. "checkHandler" => "%{[check][handler]}"
  39. "checkOutput" => "%{[check][output]}"
  40. "checkThresholsdCritical" => "%{[check][thresholds][critical]}"
  41. "checkThresholsdWarning" => "%{[check][thresholds][warning]}"
  42. "checkTotalStateChange" => "%{[check][total_state_change]}"
  43. "checkType" => "%{[check][type]}"
  44. "clientKeepaliveHandler" => "%{[client][keepalive][handler]}"
  45. "clientKeepaliveThresholsdCritical" => "%{[client][keepalive][thresholds][critical]}"
  46. "clientKeepaliveThresholsdWarning" => "%{[client][keepalive][thresholds][warning]}"
  47. "clientVersion" => "%{[client][version]}"
  48. }
  49. }
  50. mutate {
  51. remove_field => ["[check][executed]",
  52. "[check][handler]",
  53. "[check][history]",
  54. "[check][issued]",
  55. "[check][name]",
  56. "[check][output]",
  57. "[check][threshold][critical]",
  58. "[check][threshold][warning]",
  59. "[check][total_state_change]",
  60. "[check][type]",
  61. "checkCommand",
  62. "checkDuration",
  63. "checkInterval",
  64. "checkPayloadType",
  65. "[client][address]",
  66. "[client][keepalive][handler]",
  67. "[client][keepalive][threshold][critical]",
  68. "[client][keepalive][threshold][warning]",
  69. "[client][name]",
  70. "[client][subscription]",
  71. "[client][timestamp]",
  72. "message",
  73. "occurrences",
  74. "occurrences_watermark",
  75. "last_ok"]
  76. }
  77. }
  78. if [check][payload-type] == "json" {
  79. mutate {
  80. add_tag => "payload-json"
  81. gsub => ["[check][output]","}\n{","},{"]
  82. replace => {"[check][output]" => "[%{[check][output]}]"}
  83. gsub => ["[name]","json-",""]
  84. }
  85. json { source => "[check][output]"
  86. target => "data"}
  87. split { field => "data" }
  88. mutate {
  89. remove_field => ["[check][output]",
  90. "[check][name]",
  91. "[check][command]",
  92. "[check][duration]",
  93. "[check][interval]",
  94. "[check][payload-type]",
  95. "[check][status]",
  96. "occurrences",
  97. "silenced",
  98. "[check][handler]",
  99. "[check][subscribers]",
  100. "[check][standalone]",
  101. "[check][total_state_change]",
  102. "[check][executed]",
  103. "[check][history]",
  104. "[check][type]",
  105. "[check][issued]",
  106. "message",
  107. "occurrences_watermark",
  108. "last_ok",
  109. "@version",
  110. "[client][subscriptions]",
  111. "client",
  112. "action",
  113. "id",
  114. "timestamp",
  115. "silenced_by"]
  116. }
  117. }
  118. else if [check][payload-type] == "event-queues-xml" {
  119. if !("split-xml" in [tags]) {
  120. mutate {
  121. add_tag => "split-xml"
  122. }
  123. json { source => "[check][output]"
  124. target => "data"}
  125. split { field => "data" }
  126. }
  127. if [data][EventQueuesPerf][App] {
  128. if ("split-xml" in [tags]) {
  129. split{field => "data[EventQueuesPerf][App]"}
  130. split{field => "data[EventQueuesPerf][App][EventQueues][EventQueue]"}
  131. split{field => "data[EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread]"}
  132. }
  133. }
  134. else {
  135. split{field => "data[EventQueuesPerf][EventQueues][EventQueue]"}
  136. split{field => "data[EventQueuesPerf][EventQueues][EventQueue][Threads][Thread]"}
  137. }
  138. mutate {
  139. remove_field => ["[check][output]",
  140. "[check][name]",
  141. "[check][command]",
  142. "[check][duration]",
  143. "[check][interval]",
  144. "[check][payload-type]",
  145. "[check][status]",
  146. "occurrences",
  147. "silenced",
  148. "[check][handler]",
  149. "[check][subscribers]",
  150. "[check][standalone]",
  151. "[check][total_state_change]",
  152. "[check][executed]",
  153. "[check][history]",
  154. "[check][type]",
  155. "[check][issued]",
  156. "message",
  157. "occurrences_watermark",
  158. "last_ok",
  159. "@version",
  160. "[client][subscriptions]",
  161. "client",
  162. "action",
  163. "id",
  164. "timestamp",
  165. "silenced_by"]
  166. }
  167. }
  168. else if [check][payload-type] == "app-cache-perf-xml" {
  169. if !("split-xml" in [tags]) {
  170. mutate {
  171. add_tag => "split-xml"
  172. }
  173. json { source => "[check][output]"
  174. target => "data"}
  175. split { field => "data" }
  176. }
  177. if [data][OTMCachesPerf][App] {
  178. if ("split-xml" in [tags]) {
  179. split{field => "data[OTMCachesPerf][App]"}
  180. split{field => "data[OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance]"}
  181. }
  182. }
  183. else {
  184. split{field => "data[OTMCachesPerf][OTMCachePerformances][OTMCachePerformance]"}
  185. }
  186. mutate {
  187. remove_field => ["[check][output]",
  188. "[check][name]",
  189. "[check][command]",
  190. "[check][duration]",
  191. "[check][interval]",
  192. "[check][payload-type]",
  193. "[check][status]",
  194. "occurrences",
  195. "silenced",
  196. "[check][handler]",
  197. "[check][subscribers]",
  198. "[check][standalone]",
  199. "[check][total_state_change]",
  200. "[check][executed]",
  201. "[check][history]",
  202. "[check][type]",
  203. "[check][issued]",
  204. "message",
  205. "occurrences_watermark",
  206. "last_ok",
  207. "@version",
  208. "[client][subscriptions]",
  209. "client",
  210. "action",
  211. "id",
  212. "timestamp",
  213. "silenced_by"]
  214. }
  215. }
  216. else if [check][payload-type] == "web-cache-perf-xml" {
  217. if !("split-xml" in [tags]) {
  218. mutate {
  219. add_tag => "split-xml"
  220. }
  221. json { source => "[check][output]"
  222. target => "data"}
  223. split { field => "data" }
  224. }
  225. if [data][OTMCachesPerf][Web] {
  226. if ("split-xml" in [tags]) {
  227. split{field => "data[OTMCachesPerf][Web]"}
  228. split{field => "data[OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance]"}
  229. }
  230. }
  231. else {
  232. split{field => "data[OTMCachesPerf][OTMCachePerformances][OTMCachePerformance]"}
  233. }
  234. mutate {
  235. remove_field => ["[check][output]",
  236. "[check][name]",
  237. "[check][command]",
  238. "[check][duration]",
  239. "[check][interval]",
  240. "[check][payload-type]",
  241. "[check][status]",
  242. "occurrences",
  243. "silenced",
  244. "[check][handler]",
  245. "[check][subscribers]",
  246. "[check][standalone]",
  247. "[check][total_state_change]",
  248. "[check][executed]",
  249. "[check][history]",
  250. "[check][type]",
  251. "[check][issued]",
  252. "message",
  253. "occurrences_watermark",
  254. "last_ok",
  255. "@version",
  256. "[client][subscriptions]",
  257. "client",
  258. "action",
  259. "id",
  260. "timestamp",
  261. "silenced_by"]
  262. }
  263. }
  264. if [name] == "stale-transmission" {
  265. mutate {
  266. add_field => {
  267. "v_document_id" => "%{[data][I_TRANSMISSION_NO]}"
  268. }
  269. }
  270. }
  271. else if [name] == "agent-tracking-feed" {
  272. date {
  273. match => ["[data][INSERT_DATE]","yyyy-MM-dd HH:mm:ss ZZ"]
  274. target => "[data][INSERT_DATE]"
  275. }
  276. mutate {
  277. add_field => {
  278. "v_document_id" => "%{[data][TRACKING_FEED_ID]}"
  279. }
  280. }
  281. }
  282. else if [name] == "object-locks" {
  283. date {
  284. match => ["[data][OWNED_SINCE]","yyyy-MM-dd HH:mm:ss ZZ"]
  285. target => "[data][OWNED_SINCE]"
  286. }
  287. date {
  288. match => ["[data][INSERT_DATE]","yyyy-MM-dd HH:mm:ss ZZ"]
  289. target => "[data][INSERT_DATE]"
  290. }
  291. date {
  292. match => ["[data][UPDATE_DATE]","yyyy-MM-dd HH:mm:ss ZZ"]
  293. target => "[data][UPDATE_DATE]"
  294. }
  295. mutate {
  296. add_field => {
  297. "v_document_id" => "%{[data][LOCK_TYPE]}-%{[data][OBJECT_ID]}"
  298. }
  299. }
  300. }
  301. else if [name] == "uncommitted-dml" {
  302. date {
  303. match => ["[data][START_TIME]","MM/dd/yy HH:mm:ss"]
  304. target => "[data][START_TIME]"
  305. }
  306. mutate {
  307. convert => {
  308. "[data][NUM_OF_DB_LOCKS]" => "integer"
  309. "[data][NUM_OF_TRANSACTIONS]" => "integer"
  310. }
  311. add_field => {
  312. "v_document_id" => "%{[data][SID]}"
  313. }
  314. }
  315. }
  316. else if [name] == "database-locks" {
  317. date {
  318. match => ["[data][START_TIME]","MM/dd/yy HH:mm:ss"]
  319. target => "[data][START_TIME]"
  320. }
  321. mutate {
  322. add_field => {
  323. "v_document_id" => "%{[data][BLOCKER_SID]}-%{[data][BLOCKEE_SID]}-%{[data][OBJECT_ID]}"
  324. }
  325. }
  326. }
  327. else if [name] == "event-queues" {
  328. if ![data][EventQueuesPerf][App] {
  329. mutate {
  330. add_field => { "[data][EventQueuesPerf][App][id]" => "App Server" }
  331. rename => {
  332. "[data][EventQueuesPerf][EventQueues][EventQueue][id]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][id]"
  333. "[data][EventQueuesPerf][EventQueues][EventQueue][Backlog]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][Backlog]"
  334. "[data][EventQueuesPerf][EventQueues][EventQueue][LongestEvent]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][LongestEvent]"
  335. "[data][EventQueuesPerf][EventQueues][EventQueue][ProcessTime][Average]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Average]"
  336. "[data][EventQueuesPerf][EventQueues][EventQueue][ProcessTime][Count]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Count]"
  337. "[data][EventQueuesPerf][EventQueues][EventQueue][ProcessTime][Maximum]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Maximum]"
  338. "[data][EventQueuesPerf][EventQueues][EventQueue][ProcessTime][Total]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Total]"
  339. "[data][EventQueuesPerf][EventQueues][EventQueue][QueueSize][Average]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Average]"
  340. "[data][EventQueuesPerf][EventQueues][EventQueue][QueueSize][Count]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Count]"
  341. "[data][EventQueuesPerf][EventQueues][EventQueue][QueueSize][Maximum]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Maximum]"
  342. "[data][EventQueuesPerf][EventQueues][EventQueue][QueueSize][Total]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Total]"
  343. "[data][EventQueuesPerf][EventQueues][EventQueue][Threads][Thread][Since]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][Since]"
  344. "[data][EventQueuesPerf][EventQueues][EventQueue][Threads][Thread][State]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][State]"
  345. "[data][EventQueuesPerf][EventQueues][EventQueue][Threads][Thread][id]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][id]"
  346. "[data][EventQueuesPerf][EventQueues][EventQueue][Throughput]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][Throughput]"
  347. "[data][EventQueuesPerf][EventQueues][EventQueue][WaitTime][Average]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Average]"
  348. "[data][EventQueuesPerf][EventQueues][EventQueue][WaitTime][Count]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Count]"
  349. "[data][EventQueuesPerf][EventQueues][EventQueue][WaitTime][Maximum]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Maximum]"
  350. "[data][EventQueuesPerf][EventQueues][EventQueue][WaitTime][Total]" => "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Total]"
  351. "[data][EventQueuesPerf][LastResetTime]" => "[data][EventQueuesPerf][App][LastResetTime]" }
  352. }
  353. }
  354. mutate {
  355. convert => {
  356. "[data][EventQueuesPerf][App][EventQueues][EventQueue][Backlog]" => "float"
  357. "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Average]" => "float"
  358. "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Count]" => "float"
  359. "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Maximum]" => "float"
  360. "[data][EventQueuesPerf][App][EventQueues][EventQueue][ProcessTime][Total]" => "float"
  361. "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Average]" => "float"
  362. "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Count]" => "float"
  363. "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Maximum]" => "float"
  364. "[data][EventQueuesPerf][App][EventQueues][EventQueue][QueueSize][Total]" => "float"
  365. "[data][EventQueuesPerf][App][EventQueues][EventQueue][Throughput]" => "float"
  366. "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Average]" => "float"
  367. "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Count]" => "float"
  368. "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Maximum]" => "float"
  369. "[data][EventQueuesPerf][App][EventQueues][EventQueue][WaitTime][Total]" => "float"
  370. }
  371. }
  372. date {
  373. match => ["[data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][Since]","yyyy-MM-dd HH:mm:ss ZZZ"]
  374. target => "[data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][Since]"
  375. }
  376. date {
  377. match => ["[data][EventQueuesPerf][App][LastResetTime]","yyyy-MM-dd HH:mm:ss ZZZ"]
  378. target => "[data][EventQueuesPerf][App][LastResetTime]"
  379. }
  380. date {
  381. match => ["[data][time]","yyyy-MM-dd HH:mm:ss ZZZ"]
  382. target => "[data][time]"
  383. }
  384. if ![data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][id] {
  385. mutate {
  386. add_field => {
  387. "v_document_id" => "%{[data][time]}-%{[data][EventQueuesPerf][App][id]}-%{[data][EventQueuesPerf][App][EventQueues][EventQueue][id]}"
  388. }
  389. }
  390. }
  391. else {
  392. mutate {
  393. add_field => {
  394. "v_document_id" => "%{[data][time]}-%{[data][EventQueuesPerf][App][id]}-%{[data][EventQueuesPerf][App][EventQueues][EventQueue][id]}-%{[data][EventQueuesPerf][App][EventQueues][EventQueue][Threads][Thread][id]}"
  395. }
  396. }
  397. }
  398. }
  399. else if [name] == "bulk-plan" {
  400. date {
  401. match => ["[data][START_TIME]","yyyy-MM-dd HH:mm:ss ZZ"]
  402. target => "[data][START_TIME]"
  403. }
  404. date {
  405. match => ["[data][END_TIME]","yyyy-MM-dd HH:mm:ss ZZ"]
  406. target => "[data][END_TIME]"
  407. }
  408. date {
  409. match => ["[data][TERMINATION_TIME]","yyyy-MM-dd HH:mm:ss ZZ"]
  410. target => "[data][TERMINATION_TIME]"
  411. }
  412. mutate {
  413. convert => {
  414. "[data][NUM_OF_ORDERS_SELECTED]" => "integer"
  415. "[data][NUM_ORDER_MOVEMENTS_SELECTED]" => "integer"
  416. }
  417. add_field => {
  418. "v_document_id" => "%{[data][DOMAIN_NAME]}.%{[data][BULK_PLAN_XID]}"
  419. }
  420. }
  421. }
  422. else if [name] == "app-cache-performance" {
  423. if ![data][OTMCachesPerf][App] {
  424. mutate {
  425. add_field => { "[data][OTMCachesPerf][App][id]" => "App Server" }
  426. rename => {
  427. "[data][OTMCachesPerf][LastResetTime]" => "[data][OTMCachesPerf][App][LastResetTime]"
  428. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Capacity]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Capacity]"
  429. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Gets]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Gets]"
  430. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][HitRatio]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][HitRatio]"
  431. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Logging]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Logging]"
  432. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Puts]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Puts]"
  433. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Size]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Size]"
  434. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][SwapRatio]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][SwapRatio]"
  435. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Synch]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Synch]"
  436. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Timeout]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Timeout]"
  437. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Type]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Type]"
  438. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][id]" => "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][id]"
  439. }
  440. }
  441. }
  442. mutate {
  443. convert => {
  444. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Capacity]" => "float"
  445. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Gets]" => "float"
  446. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][HitRatio]" => "float"
  447. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Puts]" => "float"
  448. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Size]" => "float"
  449. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][SwapRatio]" => "float"
  450. "[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][Timeout]" => "float"
  451. }
  452. }
  453. date {
  454. match => ["[data][OTMCachesPerf][App][LastResetTime]","yyyy-MM-dd HH:mm:ss ZZZ"]
  455. target => "[data][OTMCachesPerf][App][LastResetTime]"
  456. }
  457. date {
  458. match => ["[data][time]","yyyy-MM-dd HH:mm:ss ZZZ"]
  459. target => "[data][time]"
  460. }
  461. mutate {
  462. add_field => {
  463. "v_document_id" => "%{[data][time]}-%{[data][OTMCachesPerf][App][id]}-%{[data][OTMCachesPerf][App][OTMCachePerformances][OTMCachePerformance][id]}"
  464. }
  465. }
  466. }
  467. else if [name] == "web-cache-performance" {
  468. if ![data][OTMCachesPerf][Web] {
  469. mutate {
  470. add_field => { "[data][OTMCachesPerf][Web][id]" => "Web Server" }
  471. rename => {
  472. "[data][OTMCachesPerf][LastResetTime]" => "[data][OTMCachesPerf][Web][LastResetTime]"
  473. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Capacity]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Capacity]"
  474. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Gets]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Gets]"
  475. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][HitRatio]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][HitRatio]"
  476. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Logging]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Logging]"
  477. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Puts]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Puts]"
  478. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Size]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Size]"
  479. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][SwapRatio]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][SwapRatio]"
  480. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Synch]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Synch]"
  481. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Timeout]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Timeout]"
  482. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][Type]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Type]"
  483. "[data][OTMCachesPerf][OTMCachePerformances][OTMCachePerformance][id]" => "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][id]"
  484. }
  485. }
  486. }
  487. mutate {
  488. convert => {
  489. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Capacity]" => "float"
  490. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Gets]" => "float"
  491. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][HitRatio]" => "float"
  492. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Puts]" => "float"
  493. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Size]" => "float"
  494. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][SwapRatio]" => "float"
  495. "[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][Timeout]" => "float"
  496. }
  497. }
  498. date {
  499. match => ["[data][OTMCachesPerf][Web][LastResetTime]","yyyy-MM-dd HH:mm:ss ZZZ"]
  500. target => "[data][OTMCachesPerf][Web][LastResetTime]"
  501. }
  502. date {
  503. match => ["[data][time]","yyyy-MM-dd HH:mm:ss ZZZ"]
  504. target => "[data][time]"
  505. }
  506. mutate {
  507. add_field => {
  508. "v_document_id" => "%{[data][time]}-%{[data][OTMCachesPerf][Web][id]}-%{[data][OTMCachesPerf][Web][OTMCachePerformances][OTMCachePerformance][id]}"
  509. }
  510. }
  511. }
  512. else {
  513. fingerprint {
  514. source => ["message"]
  515. target => "v_document_id"
  516. key => "78787878"
  517. method => "SHA1"
  518. concatenate_sources => true
  519. }
  520. }
  521. if "_jsonparsefailure" in [tags] {
  522. drop { }
  523. }
  524. }
  525. output {
  526. elasticsearch {
  527. hosts => "******.com"
  528. user => "elastic"
  529. password => "changeme"
  530. index => "%{[name]}-%{+YYYY.MM.dd}"
  531. document_id => "%{[v_document_id]}"
  532. }
  533. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!