Skip to content

Commit ab1e80a

Browse files
lexminglexming
authored
Merge pull request #29 from wpoely86/cleanup
bring config file for test in sync with production
2 parents b54986e + 03e1be7 commit ab1e80a

File tree

1 file changed

+45
-20
lines changed

1 file changed

+45
-20
lines changed

tests/logstash_7.6.2.conf

Lines changed: 45 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -2,9 +2,9 @@ input {
22
stdin { } # logstash stops when input is closed
33
}
44

5-
filter {
5+
filter
6+
{
67
grok {
7-
88
add_field => {
99
"received_at" => "%{@timestamp}"
1010
"received_from" => "%{@source_host}"
@@ -15,9 +15,36 @@ filter {
1515
patterns_dir => [ "/tmp/logpatterns-groktest" ]
1616

1717
match => {
18-
# RSYSLOGCUSTOM always last (and no PREFIX)!
19-
"message" => ["%{RSYSLOGCUSTOMHEADER}%{PIXIU_ALARM}", "%{RSYSLOGCUSTOMHEADER}%{PIXIU_BASH}", "%{RSYSLOGCUSTOMHEADER}%{PIXIU_NGINX}", "%{RSYSLOGCUSTOMHEADER}%{PIXIU_TOMCAT}", "%{RSYSLOGPREFIX}%{PIXIU_APACHE}", "%{RSYSLOGPREFIX}%{SU_MSG}", "%{RSYSLOGPREFIX}%{SUDO_MSG}", "%{RSYSLOGPREFIX}%{REFRAME_MSG}", "%{RSYSLOGPREFIX}%{BASH_MSG}", "%{RSYSLOGPREFIX}%{FAIL2BAN_MSG}", "%{RSYSLOGPREFIX}%{SINGULARITY_MSG}", "%{RSYSLOGPREFIX}%{DHCPD_MSG}", "%{RSYSLOGPREFIX}%{SSH_MSG}", "%{RSYSLOGPREFIX}%{MODULECMD_MSG}", "%{RSYSLOGPREFIX}%{LMOD_MSG}", "%{RSYSLOGPREFIX}%{NFS_MSG}", "%{RSYSLOGPREFIX}%{CEPH_MSG}", "%{RSYSLOGPREFIX}%{OPENNEBULA_MSG}", "%{RSYSLOGPREFIX}%{JUBE_MSG}", "%{RSYSLOGPREFIX}%{SHOREWALL_MSG}", "%{RSYSLOGPREFIX}%{KEYVALUE_MSG}", "%{RSYSLOGPREFIX}%{QUATTOR_MSG}", "%{RSYSLOGPREFIX}%{SNOOPY_MSG}", "%{RSYSLOGPREFIX}%{APACHE_MSG}", "%{RSYSLOGCUSTOM}"]
18+
"message" => [
19+
"%{RSYSLOGCUSTOMHEADER}%{PIXIU_ALARM}",
20+
"%{RSYSLOGCUSTOMHEADER}%{PIXIU_BASH}",
21+
"%{RSYSLOGCUSTOMHEADER}%{PIXIU_NGINX}",
22+
"%{RSYSLOGCUSTOMHEADER}%{PIXIU_TOMCAT}",
23+
"%{RSYSLOGPREFIX}%{PIXIU_APACHE}",
24+
"%{RSYSLOGPREFIX}%{SU_MSG}",
25+
"%{RSYSLOGPREFIX}%{SUDO_MSG}",
26+
"%{RSYSLOGPREFIX}%{REFRAME_MSG}",
27+
"%{RSYSLOGPREFIX}%{BASH_MSG}",
28+
"%{RSYSLOGPREFIX}%{FAIL2BAN_MSG}",
29+
"%{RSYSLOGPREFIX}%{SINGULARITY_MSG}",
30+
"%{RSYSLOGPREFIX}%{DHCPD_MSG}",
31+
"%{RSYSLOGPREFIX}%{SSH_MSG}",
32+
"%{RSYSLOGPREFIX}%{MODULECMD_MSG}",
33+
"%{RSYSLOGPREFIX}%{LMOD_MSG}",
34+
"%{RSYSLOGPREFIX}%{NFS_MSG}",
35+
"%{RSYSLOGPREFIX}%{CEPH_MSG}",
36+
"%{RSYSLOGPREFIX}%{OPENNEBULA_MSG}",
37+
"%{RSYSLOGPREFIX}%{JUBE_MSG}",
38+
"%{RSYSLOGPREFIX}%{SHOREWALL_MSG}",
39+
"%{RSYSLOGPREFIX}%{KEYVALUE_MSG}",
40+
"%{RSYSLOGPREFIX}%{QUATTOR_MSG}",
41+
"%{RSYSLOGPREFIX}%{SNOOPY_MSG}",
42+
"%{RSYSLOGPREFIX}%{APACHE_MSG}",
43+
# RSYSLOGCUSTOM always last (and no PREFIX)!
44+
"%{RSYSLOGCUSTOM}"
45+
]
2046
}
47+
id => "main_grok"
2148
}
2249

2350
kv {
@@ -32,28 +59,26 @@ filter {
3259
mutate {
3360
replace => {
3461
"@source_host" => "%{syslog_hostname}"
35-
"@message" => "%{syslog_message}"
3662
}
3763
}
3864
}
3965

40-
if "_grokparsefailure" not in [tags] {
41-
mutate {
42-
# in the future remove the field 'message' too
43-
remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp", "KEY_EQ_VALUEDATA", "int" ]
44-
convert => { "success" => "boolean" }
45-
46-
# we need MB converted to MiB for bytes2human
47-
gsub => [ "used_space", "([0-9]+[kKmMgGtTpP])[bB]", "\1ib",
48-
"quota_space_limit", "([0-9]+[kKmMgGtTpP])[bB]", "\1ib" ]
49-
}
66+
if ([syslog_message]) {
67+
mutate {
68+
replace => {
69+
"@message" => "%{syslog_message}"
70+
}
71+
}
5072
}
5173

52-
if [jube_id] {
53-
if ("_grokparsefailure" not in [tags]) {
54-
mutate {
55-
convert => { "success" => "boolean" }
56-
}
74+
if ("_grokparsefailure" not in [tags]) {
75+
mutate {
76+
remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp", "KEY_EQ_VALUEDATA", "int" ]
77+
convert => { "success" => "boolean" }
78+
79+
# we need MB converted to MiB for bytes2human
80+
gsub => [ "used_space", "([0-9]+[kKmMgGtTpP])[bB]", "\1ib",
81+
"quota_space_limit", "([0-9]+[kKmMgGtTpP])[bB]", "\1ib" ]
5782
}
5883
}
5984

0 commit comments

Comments
 (0)