/* global _ */
/*
* Complex scripted Logstash dashboard
* This script generates a dashboard object that Kibana can load. It also takes a number of user
* supplied URL parameters, none are required:
*
* index :: Which index to search? If this is specified, interval is set to 'none'
* pattern :: Does nothing if index is specified. Set a timestamped index pattern. Default: [logstash-]YYYY.MM.DD
* interval :: Sets the index interval (eg: day,week,month,year), Default: day
*
* split :: The character to split the queries on Default: ','
* query :: By default, a comma separated list of queries to run. Default: *
*
* from :: Search this amount of time back, eg 15m, 1h, 2d. Default: 15m
* timefield :: The field containing the time to filter on, Default: @timestamp
*
* fields :: comma separated list of fields to show in the table
* sort :: comma separated field to sort on, and direction, eg sort=@timestamp,desc
*
*/
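'use strict';

// This script ends in a top-level `return`, so it is meant to be evaluated as a function body
// by the dashboard loader, which also supplies `ARGS` and the `_` utility library.

// Setup some variables
var dashboard, queries, _d_timespan, timeField;

// All url parameters are available via the ARGS object. Every value in it is chosen by whoever
// built the link, so it is treated as untrusted input below.
var ARGS;

/**
 * Read one URL parameter as a non-empty string.
 *
 * For string values this behaves exactly like `ARGS[name] || fallback`. A value that is not a
 * string is replaced by the fallback, so it can neither reach a `.split()` call (which would
 * throw) nor be concatenated into a filter expression.
 * NOTE(review): how the loader represents a repeated or valueless parameter is not visible
 * here; confirm whether non-string values can actually occur.
 *
 * @param {string} name - key to look up in ARGS
 * @param {string} fallback - value used when the parameter is missing, empty or not a string
 * @returns {string} the parameter value or the fallback
 */
function stringArg(name, fallback) {
  var value = ARGS[name];
  return (_.isString(value) && value) ? value : fallback;
}

// Default timespan used when `from` is not specified. The effective default is this value;
// keep the default documented in the file header in sync with it.
_d_timespan = '1d';

// Initialize a skeleton with nothing but a rows array and service object
dashboard = {
  rows: [],
  services: {}
};

// Set a title
dashboard.title = 'Logstash Search';

// Allow the user to set the index; if they don't, fall back to the logstash pattern.
// NOTE(review): the index name is taken from the link as-is, so a shared link decides which
// index is searched. Access control has to be enforced by the backend, not by this script.
if (_.isString(ARGS.index)) {
  dashboard.index = {
    default: ARGS.index,
    interval: 'none'
  };
} else {
  // Don't fail to default
  dashboard.failover = false;
  dashboard.index = {
    // No usable index was supplied on this branch, so the placeholder is always used.
    default: 'ADD_A_TIME_FILTER',
    pattern: stringArg('pattern', '[logstash-]YYYY.MM.DD'),
    interval: stringArg('interval', 'day')
  };
}

// In this dashboard we let users pass queries as a comma separated list to the query parameter,
// or they can specify a different split character using the split parameter.
// If query is defined, split it into a list of query objects.
// NOTE: ids must be integers, hence the parseInt()s
if (_.isString(ARGS.query)) {
  queries = _.object(_.map(ARGS.query.split(stringArg('split', ',')), function (text, position) {
    return [position, {
      query: text,
      id: parseInt(position, 10),
      // NOTE(review): the raw query text doubles as the display alias. Whether the panel that
      // renders aliases escapes it is not visible here; verify before relying on it.
      alias: text
    }];
  }));
} else {
  // No usable query passed? Initialize a single query to match everything
  queries = {
    0: {
      query: '*',
      id: 0
    }
  };
}

// Now populate the query service with our objects
dashboard.services.query = {
  list: queries,
  ids: _.map(_.keys(queries), function (key) {
    return parseInt(key, 10);
  })
};

// The time field is used by the filter, the histogram and the default table sort.
timeField = stringArg('timefield', '@timestamp');

// Let's also add a default time filter, the value of which can be specified by the user.
// NOTE(review): `from` is concatenated into the "now-..." expression without checking its
// format. If only simple spans such as 15m, 1h or 2d are needed, consider validating it
// against that shape and falling back to _d_timespan otherwise.
dashboard.services.filter = {
  list: {
    0: {
      from: 'now-' + stringArg('from', _d_timespan),
      to: 'now',
      field: timeField,
      type: 'time',
      active: true,
      id: 0
    }
  },
  ids: [0]
};

// Ok, let's make some rows: one for the chart and one for the events table.
dashboard.rows = [
  {
    title: 'Chart',
    height: '300px'
  },
  {
    title: 'Events',
    height: '400px'
  }
];

// A histogram over the user-selectable time field
dashboard.rows[0].panels = [
  {
    title: 'events over time',
    type: 'histogram',
    time_field: timeField,
    auto_int: true,
    span: 12
  }
];

// And a table row where you can specify fields and sort order
dashboard.rows[1].panels = [
  {
    title: 'all events',
    type: 'table',
    fields: _.isString(ARGS.fields) ? ARGS.fields.split(',') : [],
    sort: _.isString(ARGS.sort) ? ARGS.sort.split(',') : [timeField, 'desc'],
    overflow: 'expand',
    span: 12
  }
];

// Now return the object and we're good!
return dashboard;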