X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b1019dc608b9fd11d4fd07bd096e9cc24b6cdd05..HEAD:/cookbooks/logstash/templates/default/logstash.conf.erb?ds=sidebyside diff --git a/cookbooks/logstash/templates/default/logstash.conf.erb b/cookbooks/logstash/templates/default/logstash.conf.erb index e4546bb01..cbc8c909b 100644 --- a/cookbooks/logstash/templates/default/logstash.conf.erb +++ b/cookbooks/logstash/templates/default/logstash.conf.erb @@ -1,32 +1,79 @@ input { - lumberjack { - port => 5043 - ssl_certificate => "/var/lib/logstash/lumberjack.crt" - ssl_key => "/var/lib/logstash/lumberjack.key" + beats { + port => 5044 + ssl => true + ssl_certificate => "/var/lib/logstash/beats.crt" + ssl_key => "/var/lib/logstash/beats.key" } } filter { if [type] == "apache" { grok { - match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{WORD:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ] + match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{NOTSPACE:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ] } date { match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] } + if [agent] == "-" { + mutate { + remove_field => [ "agent" ] + } + } else { + useragent { + source => "agent" + target => "useragent" + } + grok { + match => { "agent" => "%{JOSM:[useragent][name]=JOSM}/%{POSINT:[useragent][major]}\.%{POSINT:[useragent][minor]} \(%{POSINT:[useragent][patch]} \w+\) " } + overwrite => [ "[useragent][name]", "[useragent][major]", "[useragent][minor]", "[useragent][patch]" ] + tag_on_failure => [] + } + mutate { + rename => { "agent" => "[useragent][raw]" } + } + } } else if [type] == "rails" { json { source => "message" + remove_field => [ + "message", + "[parameters][authenticity_token]", + "[parameters][pass_crypt]", + "[parameters][pass_crypt_confirmation]", + "[parameters][utf8]" + ] + } + if [duration] { + ruby { + code => "event['duration'] = Integer(event['duration'] * 1000000)" + } + } + if [db] { + ruby { + code => "event['db'] = Integer(event['db'] * 1000000)" + } + } + if [view] { + ruby { + code => "event['view'] = Integer(event['view'] * 1000000)" + } + } + } + + if [host] =~ /^spike-/ { + mutate { + add_tag => [ "frontend" ] } + } else if [host] =~ /^thorn-/ { mutate { - remove_field => [ "message" ] + add_tag => [ "backend" ] } } } output { elasticsearch { - host => [ "127.0.0.1" ] - cluster => "<%= node[:elasticsearch][:cluster][:name] %>" + hosts => [ "127.0.0.1" ] } }