}
socket_timeout => 30
request_timeout => 30
- interval => 15
+ interval => 60
codec => "plain"
}
}
}
mutate { remove_field => [ "message" ] }
# express timestamps in milliseconds instead of microseconds
- ruby {
- code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')))"
- }
- date {
- match => [ "closedLoopAlarmStart", UNIX_MS ]
- target => "closedLoopAlarmStart"
+ if [closedLoopAlarmStart] {
+ ruby {
+ code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')) / 1000)"
+ }
+ date {
+ match => [ "closedLoopAlarmStart", UNIX_MS ]
+ target => "closedLoopAlarmStart"
+ }
}
if [closedLoopAlarmEnd] {
ruby {
- code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')))"
+ code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')) / 1000)"
}
date {
match => [ "closedLoopAlarmEnd", UNIX_MS ]
codec => rubydebug
}
- elasticsearch {
- codec => "json"
- hosts => [elasticsearch]
- index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes
- doc_as_upsert => true
+ if [http_request_failure] {
+ elasticsearch {
+ codec => "json"
+ hosts => [elasticsearch]
+ index => "errors-%{+YYYY.MM.DD}"
+ doc_as_upsert => true
+ }
+ } else {
+ elasticsearch {
+ codec => "json"
+ hosts => [elasticsearch]
+ index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes
+ doc_as_upsert => true
+ }
}
}
Code Review / clamp.git / blobdiff