Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- input {
- tcp {
- port => 9001
- codec => "json_lines"
- add_field => {
- "platform" => "digital"
- "environment" => "prod"
- }
- }
- tcp {
- port => 9002
- codec => "json_lines"
- add_field => {
- "platform" => "digital"
- "environment" => "preprod"
- }
- }
- tcp {
- port => 9003
- codec => "json_lines"
- add_field => {
- "platform" => "digital"
- "environment" => "recette"
- }
- }
- beats {
- port => 9004
- add_field => {
- "platform" => "UBW"
- "environment" => "prod"
- }
- }
- beats {
- port => 9005
- add_field => {
- "platform" => "pi"
- "environment" => "prod"
- }
- }
- beats {
- port => 9006
- add_field => {
- "platform" => "export"
- "environment" => "prod"
- }
- }
- beats {
- port => 9007
- add_field => {
- "platform" => "DNS"
- "environment" => "prod"
- }
- }
- beats {
- port => 9008
- add_field => {
- "platform" => "logs"
- "environment" => "prod"
- }
- }
- beats {
- port => 9009
- add_field => {
- "platform" => "tools"
- "environment" => "prod"
- }
- }
- syslog {
- port => 9010
- id => "syslog_phenix_proxy-datacard"
- add_field => {
- "platform" => "proxy-datacard"
- "environment" => "prod"
- }
- }
- syslog {
- port => 9011
- id => "syslog_digital_prod"
- add_field => {
- "platform" => "digital"
- "environment" => "prod"
- }
- }
- syslog {
- port => 9012
- id => "syslog_digital_preprod"
- add_field => {
- "platform" => "digital"
- "environment" => "preprod"
- }
- }
- syslog {
- port => 9013
- id => "syslog_digital_recette"
- add_field => {
- "platform" => "digital"
- "environment" => "recette"
- }
- }
- beats {
- port => 9014
- add_field => {
- "platform" => "bounce"
- "environment" => "prod"
- }
- }
- }
- filter {
- mutate {
- add_field => { "indexed_by" => "shipper-de-a" }
- }
- if [platform] == "UBW" {
- if [fields][application] == "export-agresso" {
- mutate {
- rename => { "message" => "original_message" }
- }
- dissect {
- mapping => { "original_message" => "%{ts} %{+ts};%{loglevel};%{message}" }
- }
- }
- }
- if [platform] == "DNS" and [type] == "log" and [source] == "/var/log/unbound/unbound.log" {
- dissect {
- mapping => {
- "message" => "[%{unbound.query_ts}] %{unbound.proc_name}[%{unbound.pid}:%{unbound.thread_no}] %{unbound.log_level}: %{unbound.message}"
- }
- }
- date {
- match => [ "unbound.query_ts", "UNIX" ]
- timezone => "Europe/Paris"
- target => "unbound.query_ts"
- }
- grok {
- match => { "unbound.message" => ["%{IP:unbound.query.client} %{HOSTNAME:unbound.query.domain} %{WORD:unbound.query.type} %{WORD:unbound.query.class}",
- "%{GREEDYDATA:unbound.message}"]}
- }
- }
- }
- output {
- if [platform] == "talend" {
- elasticsearch {
- index => "talend-%{+YYYY.MM.dd}"
- hosts => ["https://elasticsearch-alb:9200"]
- }
- } else if [type] == "wineventlog" {
- elasticsearch {
- index => "winlogbeat-%{+YYYY.MM.dd}"
- hosts => ["https://elasticsearch-alb:9200"]
- }
- } else if [type] == "metricsets" {
- elasticsearch {
- index => "metricbeat-%{+YYYY.MM.dd}"
- hosts => ["https://elasticsearch-alb:9200"]
- }
- } else if [platform] == "digital" {
- elasticsearch {
- index => "digital-%{+YYYY.MM.dd}"
- hosts => ["https://elasticsearch-alb:9200"]
- }
- } else {
- elasticsearch {
- hosts => ["https://elasticsearch-alb:9200"]
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
