Add rules for legacytimeperiod

Icinga · May 31, 2019 · 05c8285 · 05c8285
1 parent 2c6aa12
commit 05c8285
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/doc/30-namingscheme.md b/doc/30-namingscheme.md
@@ -82,7 +82,7 @@ grep -Pho "\[icinga\]\[[^\[]*?\]" filter-* | sort -u | sed -e "s@\[icinga\]\[@@;
 
 These are all fieldnames in use for filter-50-configs to date:
 
-*agent, apirequest, apiuser, bytes, checkablespending, checkablesrate, checkinterval, checknext, checkoriginal, checktime, clientendpoint, clienthost, clientport, code, component, configfilecount, connectedendpoints, context, count, currentepoch, currentmaster, date, dateend, datestart, dbinstance, detail, direction, epochcurrent, epochreceived, errorcode, eventtype, facility, filecount, filterversion, hostname, hostport, httpclientip, httpclientport, httpmethod, idlecheckables, items01min, items05min, items15min, itemscount, itemsrate, listenerhost, logposition, message, messagecount, messagetype, metriclist, name, nomessageduration, notification, notificationcount, notificationtype, object, objectdetails, objectname, objecttype, path, period, pid, plugin, port, pugin, query, receivedepoch, remainingclients, severity, signal, sslerrorcode, sslerrordetails, statefile, timestamp, username, workerdetail, workerfacility, workerid, zone*
+*agent, apirequest, apiuser, bytes, checkablespending, checkablesrate, checkinterval, checknext, checkoriginal, checktime, clientendpoint, clienthost, clientport, code, component, configfilecount, connectedendpoints, context, count, currentepoch, currentmaster, date, dateend, datestart, dbinstance, detail, direction, endtime, epochcurrent, epochreceived, errorcode, eventtype, facility, filecount, filterversion, hostname, hostport, httpclientip, httpclientport, httpmethod, idlecheckables, items01min, items05min, items15min, itemscount, itemsrate, listenerhost, logposition, message, messagecount, messagetype, metriclist, name, nomessageduration, notification, notificationcount, notificationtype, object, objectdetails, objectname, objecttype, path, period, pid, plugin, port, pugin, query, receivedepoch, remainingclients, severity, signal, sslerrorcode, sslerrordetails, starttime, statefile, stride, timerange, timestamp, username, weekday, workerdetail, workerfacility, workerid, zone*
 
 ### Arrays
 

diff --git a/filter-50-legacytimeperiod.conf b/filter-50-legacytimeperiod.conf
@@ -10,6 +10,30 @@ filter {
           "[icinga][eventtype]" => "legacy_timeperiod_update"
         }
       }
+    } else if [message] =~ /^ParseTimeRange:/ {
+      grok {
+        match => ["message","ParseTimeRange: '%{WORD:[icinga][weekday]}' => %{NUMBER:[icinga][starttime]} -> %{NUMBER:[icinga][endtime]}, stride: %{NUMBER:[icinga][stride]}"]
+        id => "icinga_parsetimerange"
+        add_tag => "icinga_parsetimerange"
+        tag_on_failure => ["_grokparsefailure","icinga_parsetimerange_failed"]
+        add_field => {
+          "[icinga][eventtype]" => "parse_time_range"
+        }
+      }
+      date {
+        match => ["[icinga][starttime]","UNIX"]
+        target => "[icinga][starttime]"
+      }
+      date {
+        match => ["[icinga][endtime]","UNIX"]
+        target => "[icinga][endtime]"
+      }
+      mutate {
+        add_field => {
+          "[icinga][timerange]" => "%{[icinga][starttime]}-%{[icinga][endtime]}"
+        }
+      }
     }
   }
 }
+