# Logstash pipeline excerpt: polls three DMaaP topics over HTTP, normalises the
# timestamp fields, and writes to Elasticsearch. The leading numbers are the
# listing's own line numbers; lines between them (block openers, closing
# braces, plugin names) are not shown here.
#
# Every ${...} value is substituted by Logstash when the config is loaded, so
# the endpoints and hosts are deployment-supplied rather than hard-coded.
# NOTE(review): no authentication or TLS option appears on the visible lines
# for either the poller or the Elasticsearch outputs -- confirm the skipped
# lines, or the scheme inside ${dmaap_base_url} / ${elasticsearch_hosts},
# cover transport protection and credentials.

# Event topic: consumer group and consumer id are part of the path;
# timeout=15000 is passed to the server as a query parameter
# (presumably a long-poll wait in milliseconds -- confirm).
6 url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
8 Accept => "application/json"
# Tag each event with the topic it was read from.
10 add_field => { "topic" => "${event_topic}" }
# Notification topic: same URL shape and tagging as above.
12 notification_queue => {
14 url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
16 Accept => "application/json"
18 add_field => { "topic" => "${notification_topic}" }
# Request topic: same URL shape and tagging as above.
22 url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
24 Accept => "application/json"
26 add_field => { "topic" => "${request_topic}" }
# Poll once per minute.
32 schedule => { "every" => "1m" }
37 # avoid noise if no entry in the list
# The comparison is against the literal string "[]" (an empty JSON list);
# the action taken inside this branch is on a line not shown.
38 if [message] == "[]" {
42 # parse json, split the list into multiple events, and parse each event
# Drop the raw payload field; this sits after the parse/split steps
# announced by the comment above.
53 mutate { remove_field => [ "message" ] }
54 # express timestamps in milliseconds instead of microseconds
55 if [closedLoopAlarmStart] {
# Integer division by 1000, then the value is parsed as epoch milliseconds
# and written back into the same field.
# NOTE(review): Integer() raises on a non-numeric value; confirm such events
# are tagged and routed somewhere visible rather than indexed half-parsed.
57 code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')) / 1000)"
60 match => [ "closedLoopAlarmStart", UNIX_MS ]
61 target => "closedLoopAlarmStart"
# Same conversion for the alarm end time.
65 if [closedLoopAlarmEnd] {
67 code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')) / 1000)"
70 match => [ "closedLoopAlarmEnd", UNIX_MS ]
71 target => "closedLoopAlarmEnd"
75 #"yyyy-MM-dd HH:mm:ss"
# The triple below reads as field, pattern, replacement (presumably a mutate
# gsub; the enclosing line is not shown): the space between date and time
# becomes "T" so that the ISO8601 match that follows accepts the value.
76 if [notificationTime] {
79 "notificationTime", " ", "T"
83 match => [ "notificationTime", ISO8601 ]
84 target => "notificationTime"
# Events carrying an [http_request_failure] field are routed to their own
# "errors-" index instead of the "events-" index.
93 if [http_request_failure] {
96 hosts => ["${elasticsearch_hosts}"]
# NOTE(review): in the date pattern used by %{+...}, "DD" is day-of-year and
# "dd" is day-of-month. Names are still unique per day, but they will look like
# errors-2018.03.075 rather than errors-2018.03.16; the conventional form is
# %{+YYYY.MM.dd}. Changing it renames future indexes, so check index templates,
# retention jobs and dashboards that match on the name first. The same applies
# to the "events-" index below.
97 index => "errors-%{+YYYY.MM.DD}"
103 hosts => ["${elasticsearch_hosts}"]
104 index => "events-%{+YYYY.MM.DD}" # creates daily indexes
# NOTE(review): doc_as_upsert only takes effect for update actions with a
# document id; neither an action nor a document_id setting is visible in
# this excerpt -- confirm they are set on the skipped lines.
105 doc_as_upsert => true