forked from kuskoman/logstash-exporter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
logstash.conf
56 lines (51 loc) · 1.16 KB
/
logstash.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
input {
generator {
type => "dummy"
count => -1
message => '{"message": "dummy log"}'
codec => plain {id => "plain-codec-001"}
}
dead_letter_queue {
path => "/usr/share/logstash/data/dead_letter_queue"
commit_offsets => true
pipeline_id => "main"
}
}
filter {
ruby {
code => "sleep 0.2"
}
json {
id => "json-filter"
source => "message"
}
# There are too many of these. Drop 80% of them.
if [message][message] == "dummy log" {
drop {
id => "drop-80-percent"
percentage => 80
}
}
if [massage][non_existent] {
drop {
id => "drop-non-existent"
}
}
mutate {
id => "mutate-path-001"
gsub => [
"[url][path]", "/([^/]+).*", "\1"
]
add_field => { "[oject][foo]" => "bar" }
}
# Don't keep this duplicate payload
prune {
id => "prune-http-input-fields"
blacklist_names => [ "event", "host", "http", "url", "user_agent" ]
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
}
}