4 ## Add an id to the plugin configuration. It can be any unique value.
7 ######## Connection configurations ########
9 ## The port to listen on.
12 ## Close Idle clients after the specified time in seconds. Default is 60 seconds
13 #client_inactivity_timeout => 60
15 ######## Security configurations ########
17 ## Enable encryption. Default false. While it is disabled, events received on this port travel over the network unencrypted.
20 ## ssl certificate path.
21 #ssl_certificate => $filebeat_ssl_certificate
24 #ssl_key => $filebeat_ssl_key
26 ##SSL key passphrase to use.
27 #ssl_key_passphrase => $filebeat_ssl_key_passphrase
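29 ## Value can be any of: none, peer, force_peer. none does not verify client certificates; peer verifies a client certificate if one is presented; force_peer also closes the connection when the client presents none.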
30 #ssl_verify_mode => $filebeat_ssl_verify_mode
32 ## Time in milliseconds for an incomplete ssl handshake to timeout. Default is 10000 ms.
33 #ssl_handshake_timeout => 10000
34 include_codec_tag => false
40 # Filter for log4j xml events
41 if "</log4j:event>" in [message] {
42 #Filter to parse xml event and retrieve data
46 remove_namespaces => true
47 target => "xml_content"
48 xpath => [ "/event/message/text()", "logmsg" ,
49 "/event/@logger", "Logger",
50 "/event/@timestamp", "Timestamp",
51 "/event/@level", "loglevel",
52 "/event/@thread", "Thread",
53 "/event/throwable/text()", "Exceptionthrowable",
54 "/event/NDC/text()", "NDCs",
55 "/event/properties/data/@name","mdcname",
56 "/event/properties/data/@value","mdcvalue"]
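60 #Ruby filter to iterate over the MDCs and set each one as its own field on the event. The field names are taken from the logged event itself, so whatever writes the log can create or overwrite any event field; restrict this to the expected MDC keys, or store them under a dedicated parent field, if that matters downstream.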
65 if event.get("[mdcname]")
66 $num = event.get("[mdcname]").length
70 if event.get("[mdcname]").at($i) and event.get("[mdcvalue]").at($i)
71 event.set(event.get("[mdcname]").at($i), event.get("[mdcvalue]").at($i))
80 if [Exceptionthrowable]
84 "exceptionmessage" => "%{[Exceptionthrowable]}"
100 "Logger" =>"%{[Logger]}"
101 "logmsg" =>"%{[logmsg]}"
102 "Timestamp" =>"%{[Timestamp]}"
103 "loglevel" =>"%{[loglevel]}"
104 "message" => "%{logmsg}"
105 "Thread" => "%{[Thread]}"
107 remove_field => ["mdcname", "mdcvalue", "logmsg","Exceptionthrowable","NDCs"]
113 match => ["Timestamp", "UNIX_MS"]
114 target => "Timestamp"
118 # Filter for logback events
122 'message', '= ', '=null',
123 'message', '=\t', '=null ', #This null is followed by a tab
124 'message', '\t$', '\t'
133 break_on_match => false
135 "message" => "%{TIMESTAMP_ISO8601:Timestamp}\t%{GREEDYDATA:Thread}\t%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}\t%{JAVACLASS:Logger}\t(?:[^\t]+\t)*%{GREEDYDATA:message}"
137 overwrite => ["message"]
147 ######### Security configurations #########
## NOTE(review): "changeme" is a placeholder credential kept in plain text in this file. Replace it before deployment and supply the real value from outside the file, in the same way as the $es_* placeholders used for the other secrets in this section.
150 password => "changeme"
152 ## The .cer or .pem file to validate the server’s certificate
153 #cacert => $es_cacert
155 ## The keystore used to present a certificate to the server. It can be either .jks or .p12
156 #keystore => $es_keystore
157 #keystore_password => $es_keystore_password
159 ## Enable SSL/TLS secured communication to Elasticsearch cluster.
160 ## Default is not set, in which case it depends on the protocol specified in the hosts list
163 ## Option to validate the server’s certificate. Default is true. Setting it to false means the server’s identity is no longer checked.
164 #ssl_certificate_verification => $es_ssl_certificate_verification
166 ## The JKS truststore to validate the server’s certificate.
167 #truststore => $es_truststore
168 #truststore_password => $es_truststore_password
171 ######### Elasticsearch cluster and host configurations #########
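173 ## Can specify one host or a list of hosts. If sniffing is set, one is enough and the others will be auto-discovered.
174 ## The protocol can also be specified, like ["http://10.247.186.12:9200"]. With http:// the events, and the user/password if set, are sent to Elasticsearch unencrypted; use https:// together with the cacert or truststore options to protect them.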
175 hosts => ["http://elasticsearch.onap-log:9200"]
178 ## This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list. Default is false.
181 ## How long to wait, in seconds, between sniffing attempts. Default is 5 seconds.
184 ## Set the address of a forward HTTP proxy.
187 ## Use this if you must run Elasticsearch behind a proxy that remaps the root path where the Elasticsearch HTTP API lives
190 ######### Elasticsearch request configurations #########
192 ## This setting defines the maximum sized bulk request Logstash will make.
195 ######### Document configurations #########
197 index => "onaplogs-%{+YYYY.MM.dd}"
198 document_type => "logs"
200 ## This can be used to associate child documents with a parent using the parent ID.