]> git.openstreetmap.org Git - chef.git/blob - cookbooks/logstash/templates/default/logstash.conf.erb
Merge remote-tracking branch 'github/pull/570'
[chef.git] / cookbooks / logstash / templates / default / logstash.conf.erb
1 input {
2   beats {
3     port => 5044
4     ssl => true
5     ssl_certificate => "/var/lib/logstash/beats.crt"
6     ssl_key => "/var/lib/logstash/beats.key"
7   }
8 }
9
10 filter {
11   if [type] == "apache" {
12     grok {
13       match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{NOTSPACE:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ]
14     }
15     date {
16       match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
17     }
18     if [agent] == "-" {
19       mutate {
20         remove_field => [ "agent" ]
21       }
22     } else {
23       useragent {
24         source => "agent"
25         target => "useragent"
26       }
27       grok {
28         match => { "agent" => "%{JOSM:[useragent][name]=JOSM}/%{POSINT:[useragent][major]}\.%{POSINT:[useragent][minor]} \(%{POSINT:[useragent][patch]} \w+\) " }
29         overwrite => [ "[useragent][name]", "[useragent][major]", "[useragent][minor]", "[useragent][patch]" ]
30         tag_on_failure => []
31       }
32       mutate {
33         rename => { "agent" => "[useragent][raw]" }
34       }
35     }
36   } else if [type] == "rails" {
37     json {
38       source => "message"
39       remove_field => [
40         "message",
41         "[parameters][authenticity_token]",
42         "[parameters][pass_crypt]",
43         "[parameters][pass_crypt_confirmation]",
44         "[parameters][utf8]"
45       ]
46     }
47     if [duration] {
48       ruby {
49         code => "event['duration'] = Integer(event['duration'] * 1000000)"
50       }
51     }
52     if [db] {
53       ruby {
54         code => "event['db'] = Integer(event['db'] * 1000000)"
55       }
56     }
57     if [view] {
58       ruby {
59         code => "event['view'] = Integer(event['view'] * 1000000)"
60       }
61     }
62   }
63
64   if [host] =~ /^spike-/ {
65     mutate {
66       add_tag => [ "frontend" ]
67     }
68   } else if [host] =~ /^thorn-/ {
69     mutate {
70       add_tag => [ "backend" ]
71     }
72   }
73 }
74
75 output {
76   elasticsearch {
77     hosts => [ "127.0.0.1" ]
78   }
79 }