manifest.yml
title: Nginx access logs
type: logs
streams:
  - input: logfile
    vars:
      - name: paths
        type: text
        title: Paths
        multi: true
        required: true
        show_user: true
        default:
          - /var/log/nginx/access.log*
      - name: tags
        type: text
        title: Tags
        multi: true
        required: true
        show_user: false
        default:
          - nginx-access
      - name: preserve_original_event
        required: true
        show_user: true
        title: Preserve original event
        description: Preserves a raw copy of the original event, added to the field `event.original`
        type: bool
        multi: false
        default: false
      - name: processors
        type: yaml
        title: Processors
        multi: false
        required: false
        show_user: false
        description: >
          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
      - name: ignore_older
        type: text
        title: Ignore events older than
        default: 72h
        required: false
        show_user: false
        description: >-
          If this option is specified, events that are older than the specified amount of time are ignored. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
    title: Nginx access logs
    description: Collect Nginx access logs
  - input: httpjson
    title: Nginx access logs via Splunk Enterprise REST API
    description: Collect Nginx access logs via Splunk Enterprise REST API
    enabled: false
    template_path: httpjson.yml.hbs
    vars:
      - name: interval
        type: text
        title: Interval to query Splunk Enterprise REST API
        description: Go Duration syntax (eg. 10s)
        show_user: true
        required: true
        default: 10s
      - name: search
        type: text
        title: Splunk search string
        show_user: true
        required: true
        default: search sourcetype=nginx:plus:access
      - name: tags
        type: text
        title: Tags
        multi: true
        show_user: false
        default:
          - forwarded
          - nginx-access
      - name: preserve_original_event
        required: true
        show_user: true
        title: Preserve original event
        description: Preserves a raw copy of the original event, added to the field `event.original`
        type: bool
        multi: false
        default: false
      - name: processors
        type: yaml
        title: Processors
        multi: false
        required: false
        show_user: false
        description: >-
          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
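The manifest declares each stream var by `type`, `multi` and `default`, and documents two of them (`ignore_older` and the httpjson `interval`) as Go duration strings with the units "ns", "us" (or "µs"), "ms", "s", "m", "h". A policy that sets `ignore_older` to something like `72 hours` is accepted by YAML but is not a valid duration, so it is worth catching before the agent does. The Python below is an added example, not part of the nginx integration or of Elastic's package-spec tooling (which remains the authoritative validator): it takes an already-parsed manifest (load the file with `yaml.safe_load` first) and checks that `bool` vars default to booleans, `multi` vars default to lists, and duration vars parse as Go durations. `SAMPLE_MANIFEST` is a constructed, trimmed copy of the two streams above; `DURATION_VARS`, the function names and the finding messages are this example's own choices.

```python
import re
from typing import Any, Dict, List, Optional

# Go duration syntax as the manifest's description states it: one or more
# "<number><unit>" groups, with units ns, us (or µs), ms, s, m, h.
# Go's parser additionally accepts a bare "0" and a leading sign; both are
# handled below so the check agrees with what the agent would accept.
_UNIT_SECONDS = {
    "ns": 1e-9, "us": 1e-6, "µs": 1e-6, "ms": 1e-3,
    "s": 1.0, "m": 60.0, "h": 3600.0,
}
# "ms" is listed before "m" so "5ms" is not split as "5m" + "s".
_GROUP = re.compile(r"(\d+(?:\.\d*)?|\.\d+)(ns|us|µs|ms|s|m|h)")


def parse_go_duration(text: str) -> Optional[float]:
    """Return the duration in seconds, or None if `text` is not Go duration syntax."""
    s = text.strip()
    if s in ("0", "+0", "-0"):
        return 0.0
    sign = 1.0
    if s and s[0] in "+-":
        sign = -1.0 if s[0] == "-" else 1.0
        s = s[1:]
    if not s:
        return None
    total = 0.0
    pos = 0
    while pos < len(s):
        m = _GROUP.match(s, pos)
        if m is None:          # junk such as a space, a bare number, or an unknown unit
            return None
        total += float(m.group(1)) * _UNIT_SECONDS[m.group(2)]
        pos = m.end()
    return sign * total


# Vars this manifest documents as Go durations (example's own list, derived
# from the descriptions of ignore_older and interval above).
DURATION_VARS = {"ignore_older", "interval"}


def lint_stream_vars(manifest: Dict[str, Any]) -> List[str]:
    """Check every stream var's `default` against its declared `type` and `multi`,
    and duration vars against Go duration syntax. Returns human-readable findings;
    an empty list means the manifest passed."""
    findings: List[str] = []
    for stream in manifest.get("streams", []):
        where = stream.get("input", "?")
        for var in stream.get("vars", []):
            name = var.get("name")
            if not name or "type" not in var:
                findings.append(f"{where}: var without name or type: {var!r}")
                continue
            default = var.get("default")
            if default is None:            # optional var with no default: nothing to check
                continue
            multi = bool(var.get("multi", False))
            if multi and not isinstance(default, list):
                findings.append(f"{where}/{name}: multi var default must be a list")
            if not multi and isinstance(default, list):
                findings.append(f"{where}/{name}: single-valued var has a list default")
            values = default if isinstance(default, list) else [default]
            for v in values:
                if var["type"] == "bool" and not isinstance(v, bool):
                    findings.append(f"{where}/{name}: bool var default {v!r} is not a boolean")
                if name in DURATION_VARS and isinstance(v, str) and parse_go_duration(v) is None:
                    findings.append(f"{where}/{name}: {v!r} is not Go duration syntax")
    return findings


# Constructed sample: a trimmed copy of the two streams in the manifest above.
SAMPLE_MANIFEST: Dict[str, Any] = {
    "title": "Nginx access logs",
    "type": "logs",
    "streams": [
        {"input": "logfile", "vars": [
            {"name": "paths", "type": "text", "multi": True, "required": True,
             "default": ["/var/log/nginx/access.log*"]},
            {"name": "tags", "type": "text", "multi": True, "default": ["nginx-access"]},
            {"name": "preserve_original_event", "type": "bool", "multi": False, "default": False},
            {"name": "processors", "type": "yaml", "multi": False, "required": False},
            {"name": "ignore_older", "type": "text", "default": "72h"},
        ]},
        {"input": "httpjson", "vars": [
            {"name": "interval", "type": "text", "required": True, "default": "10s"},
            {"name": "search", "type": "text", "required": True,
             "default": "search sourcetype=nginx:plus:access"},
            {"name": "tags", "type": "text", "multi": True, "default": ["forwarded", "nginx-access"]},
        ]},
    ],
}


if __name__ == "__main__":
    for finding in lint_stream_vars(SAMPLE_MANIFEST) or ["no findings"]:
        print(finding)
```

Run against a policy that overrides `ignore_older` with `72 hours` or `preserve_original_event` with the string `"false"`, the linter reports both; the sample as written reports nothing. Keep in mind what the vars do operationally: `preserve_original_event: true` stores a second copy of every access line (query strings included) in `event.original`, and `processors` run in the agent before parsing, so anything you want dropped or redacted there must be matched against the raw `message` field, not the parsed `url.*` or `source.ip` fields.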