]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/logstash/templates/default/logstash.conf.erb
Collect alertmanager statistics
[chef.git] / cookbooks / logstash / templates / default / logstash.conf.erb
index 68c9fd9210d9b589c5f4a5b2b01b1b2714a3126e..cbc8c909bb89543cc3cebd638bead0e3a3998626 100644 (file)
@@ -1,29 +1,79 @@
 input {
-  lumberjack {
-    port => 5043
-    ssl_certificate => "/var/lib/logstash/lumberjack.crt"
-    ssl_key => "/var/lib/logstash/lumberjack.key"
+  beats {
+    port => 5044
+    ssl => true
+    ssl_certificate => "/var/lib/logstash/beats.crt"
+    ssl_key => "/var/lib/logstash/beats.key"
   }
 }
 
 filter {
   if [type] == "apache" {
     grok {
-      match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{WORD:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ]
+      match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{NOTSPACE:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ]
     }
     date {
       match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
     }
+    if [agent] == "-" {
+      mutate {
+        remove_field => [ "agent" ]
+      }
+    } else {
+      useragent {
+        source => "agent"
+        target => "useragent"
+      }
+      grok {
+        match => { "agent" => "%{JOSM:[useragent][name]=JOSM}/%{POSINT:[useragent][major]}\.%{POSINT:[useragent][minor]} \(%{POSINT:[useragent][patch]} \w+\) " }
+        overwrite => [ "[useragent][name]", "[useragent][major]", "[useragent][minor]", "[useragent][patch]" ]
+        tag_on_failure => []
+      }
+      mutate {
+        rename => { "agent" => "[useragent][raw]" }
+      }
+    }
   } else if [type] == "rails" {
     json {
       source => "message"
+      remove_field => [
+        "message",
+        "[parameters][authenticity_token]",
+        "[parameters][pass_crypt]",
+        "[parameters][pass_crypt_confirmation]",
+        "[parameters][utf8]"
+      ]
+    }
+    if [duration] {
+      ruby {
+        code => "event['duration'] = Integer(event['duration'] * 1000000)"
+      }
+    }
+    if [db] {
+      ruby {
+        code => "event['db'] = Integer(event['db'] * 1000000)"
+      }
+    }
+    if [view] {
+      ruby {
+        code => "event['view'] = Integer(event['view'] * 1000000)"
+      }
+    }
+  }
+
+  if [host] =~ /^spike-/ {
+    mutate {
+      add_tag => [ "frontend" ]
+    }
+  } else if [host] =~ /^thorn-/ {
+    mutate {
+      add_tag => [ "backend" ]
     }
   }
 }
 
 output {
   elasticsearch {
-    host => [ "127.0.0.1" ]
-    cluster => "<%= node[:elasticsearch][:cluster][:name] %>"
+    hosts => [ "127.0.0.1" ]
   }
 }