# Read events from standard input, one line per event
# (e.g. `cat incidents.csv | logstash -f csvload_iris.conf`).
# NOTE(review): nothing in this pipeline validates or authenticates the
# input; whatever is piped in is parsed and indexed as data, so run it only
# against trusted export files.
input {
  stdin { }
}
filter {
  # Split each line on commas and name the fields positionally.  The list
  # below is the exact column order of the export; a row whose field count
  # differs from it will be mapped by position, so the names shift and the
  # surplus fields (if any) are handled by the csv filter's defaults — check
  # the filter docs before trusting rows of unexpected width.
  csv {
    columns => [
      # incident identity and priority
      "number", "caller_id", "priority",
      # configuration item (cmdb_ci) attributes
      "cmdb_ci", "cmdb_ci-u_used_for", "cmdb_ci-u_functional_org",
      "cmdb_ci-u_its_managed", "cmdb_ci-u_lmw", "cmdb_ci-operational_status",
      "cmdb_ci-purchase_date", "cmdb_ci-u_sox", "cmdb_ci-subcategory",
      "cmdb_ci-u_criticality", "cmdb_ci-category", "cmdb_ci-correlation_id",
      "cmdb_ci-support_group-name", "cmdb_ci-install_status",
      "cmdb_ci-u_status_reason",
      # incident description, state and assignment
      "short_description", "u_state", "assigned_to", "u_cause_code",
      # timestamps (only opened_at is parsed below; the others stay strings)
      "opened_at", "sys_updated_on",
      # categorisation and workflow
      "category", "subcategory", "u_status", "assignment_group",
      "u_crt_metric_created", "u_crt_start_time",
      "severity", "u_severity", "urgency", "u_resolved_at", "calendar_stc",
      # location
      "location-u_countrycode", "location", "location-u_region",
      "location-state", "location-zip",
      # NOTE(review): these look like personal / employee attributes (status,
      # type, vip flag, company) — confirm who may read the target index
      # before loading real exports.
      "assigned_to-u_employee_status", "assigned_to-u_employee_type",
      "assigned_to-vip",
      "caller_id-u_employee_type", "caller_id-u_employee_status",
      "caller_id-company-u_code", "caller_id-company-u_sector",
      # contact and correlation
      "contact_type", "correlation_id", "correlation_display"
    ]
  }

  # Tag every event with the document type used downstream.
  mutate {
    replace => { "type" => "iris_incidents3" }
  }

  # Turn the textual opened_at into the event's real timestamp.
  # Sample values from the export:
  #   2015-10-23 01:09:09
  #   2015-10-30 10:05:21
  #   2015-10-30 09:50:41
  # No timezone is given here, so the value is read in the Logstash host's
  # local zone (assumed — confirm against the export's origin).  If parsing
  # fails the event keeps its ingest-time @timestamp and is tagged by the
  # date filter's default failure tag, which means it will be routed to the
  # *current* month's index by the output below rather than the month it
  # was opened.
  date {
    match => [ "opened_at", "YYYY-MM-dd HH:mm:ss" ]
  }
}
# Ship every event to Elasticsearch on localhost, one index per calendar
# month of @timestamp (i.e. of opened_at when it parsed, see the date filter).
# For debugging, swap in the stdout output below: the rubydebug codec prints
# each event with the Ruby Awesome Print library.
output {
  # stdout { codec => rubydebug }

  # Earlier variants of this output, kept for reference only:
  # elasticsearch { cluster => jupiter host => localhost index => "logstash-%{+xxxx.MM}" }
  # elasticsearch { hosts => localhost index => "logstash-%{+xxxx.MM}" }
  # elasticsearch { hosts => localhost index => "logstash-%{+xxxx.MM}" }

  # Index-name pattern uses Joda Time format letters:
  #   http://joda-time.sourceforge.net/apidocs/org/joda/time/format/DateTimeFormat.html
  #   xxxx = week-based year, yyyy = calendar year
  # `xxxx` was wrong here: Jan 1st 2016 falls in ISO week 53 of 2015, so
  # events from that day landed in the 2015 index.  `yyyy` gives the
  # calendar year we actually want.
  #
  # NOTE(review): no credentials or TLS options are set, so this presumably
  # talks plain HTTP to an unauthenticated node — acceptable for a local
  # load, not for anything reachable by others; confirm before reuse.
  elasticsearch {
    hosts => localhost
    index => "logstash-%{+yyyy.MM}"
  }
}