closedLoopAlarm dates in us not in ms
[clamp.git] / extra / docker / elk / logstash-conf / logstash.conf
index 2b5a24e..0a2caf2 100644 (file)
@@ -28,7 +28,7 @@ input {
         }
         socket_timeout => 30
         request_timeout => 30
-        interval => 15
+        interval => 60
         codec => "plain"
   }
 }
@@ -52,17 +52,19 @@ filter {
     }
     mutate { remove_field => [ "message" ] }
     # express timestamps in milliseconds instead of microseconds
-    ruby {
-        code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')))"
-    }
-    date {
-        match => [ "closedLoopAlarmStart", UNIX_MS ]
-        target => "closedLoopAlarmStart"
+    if [closedLoopAlarmStart] {
+        ruby {
+            code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')) / 1000)"
+        }
+        date {
+            match => [ "closedLoopAlarmStart", UNIX_MS ]
+            target => "closedLoopAlarmStart"
+        }
     }
 
     if [closedLoopAlarmEnd] {
         ruby {
-            code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')))"
+            code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')) / 1000)"
         }
         date {
             match => [ "closedLoopAlarmEnd", UNIX_MS ]
@@ -88,12 +90,21 @@ output {
         codec => rubydebug
     }
 
-    elasticsearch {
-        codec => "json"
-        hosts => [elasticsearch]
-        index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes
-        doc_as_upsert => true
+    if [http_request_failure] {
+        elasticsearch {
+            codec => "json"
+            hosts => [elasticsearch]
+            index => "errors-%{+YYYY.MM.DD}"
+            doc_as_upsert => true
+        }
+    } else {
+        elasticsearch {
+            codec => "json"
+            hosts => [elasticsearch]
+            index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes
+            doc_as_upsert => true
 
+        }
     }
 
 }