ssl_certificate => "/var/lib/logstash/lumberjack.crt"
ssl_key => "/var/lib/logstash/lumberjack.key"
}
+
+ beats {
+ port => 5044
+ ssl_certificate => "/var/lib/logstash/beats.crt"
+ ssl_key => "/var/lib/logstash/beats.key"
+ }
}
filter {
date {
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
}
+ if [agent] == "-" {
+ mutate {
+ remove_field => [ "agent" ]
+ }
+ } else {
+ useragent {
+ source => "agent"
+ target => "useragent"
+ }
+ grok {
+ match => { "agent" => "%{JOSM:[useragent][name]=JOSM}/%{POSINT:[useragent][major]}\.%{POSINT:[useragent][minor]} \(%{POSINT:[useragent][patch]} \w+\) " }
+ overwrite => [ "[useragent][name]", "[useragent][major]", "[useragent][minor]", "[useragent][patch]" ]
+ tag_on_failure => []
+ }
+ mutate {
+ rename => { "agent" => "[useragent][raw]" }
+ }
+ }
} else if [type] == "rails" {
json {
source => "message"
"[parameters][utf8]"
]
}
+ if [duration] {
+ ruby {
+ code => "event['duration'] = Integer(event['duration'] * 1000000)"
+ }
+ }
+ if [db] {
+ ruby {
+ code => "event['db'] = Integer(event['db'] * 1000000)"
+ }
+ }
+ if [view] {
+ ruby {
+ code => "event['view'] = Integer(event['view'] * 1000000)"
+ }
+ }
+ }
+
+ if [host] =~ /^spike-/ {
+ mutate {
+ add_tag => [ "frontend" ]
+ }
+ } else if [host] =~ /^thorn-/ {
+ mutate {
+ add_tag => [ "backend" ]
+ }
}
}
output {
elasticsearch {
- host => [ "127.0.0.1" ]
- cluster => "<%= node[:elasticsearch][:cluster][:name] %>"
+ hosts => [ "127.0.0.1" ]
}
}