forked from elastic/beats
/
pipeline.json
54 lines (54 loc) · 1.28 KB
/
pipeline.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
{
"description": "Pipeline for parsing elasticsearch deprecation logs",
"processors": [
{
"rename": {
"field": "@timestamp",
"target_field": "event.created"
}
},
{
"grok": {
"field": "message",
"patterns": [
"^%{CHAR:first_char}"
],
"pattern_definitions": {
"CHAR": "."
}
}
},
{
"pipeline": {
"if": "ctx.first_char != '{'",
"name": "{< IngestPipeline "pipeline-plaintext" >}"
}
},
{
"pipeline": {
"if": "ctx.first_char == '{'",
"name": "{< IngestPipeline "pipeline-json" >}"
}
},
{
"remove": {
"field": "elasticsearch.deprecation.timestamp"
}
},
{
"remove": {
"field": [
"first_char"
]
}
}
],
"on_failure": [
{
"set": {
"field": "error.message",
"value": "{{ _ingest.on_failure_message }}"
}
}
]
}