}
socket_timeout => 30
request_timeout => 30
- interval => 60
codec => "plain"
+ schedule => { "every" => "1m" }
}
}
}
mutate { remove_field => [ "message" ] }
# express timestamps in milliseconds instead of microseconds
- ruby {
- code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')))"
- }
- date {
- match => [ "closedLoopAlarmStart", UNIX_MS ]
- target => "closedLoopAlarmStart"
+ if [closedLoopAlarmStart] {
+ ruby {
+ code => "event.set('closedLoopAlarmStart', Integer(event.get('closedLoopAlarmStart')) / 1000)"
+ }
+ date {
+ match => [ "closedLoopAlarmStart", UNIX_MS ]
+ target => "closedLoopAlarmStart"
+ }
}
if [closedLoopAlarmEnd] {
ruby {
- code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')))"
+ code => "event.set('closedLoopAlarmEnd', Integer(event.get('closedLoopAlarmEnd')) / 1000)"
}
date {
match => [ "closedLoopAlarmEnd", UNIX_MS ]
if [http_request_failure] {
elasticsearch {
codec => "json"
- hosts => [elasticsearch]
+ hosts => ["${elasticsearch_hosts}"]
index => "errors-%{+YYYY.MM.DD}"
doc_as_upsert => true
}
} else {
elasticsearch {
codec => "json"
- hosts => [elasticsearch]
- index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes
+ hosts => ["${elasticsearch_hosts}"]
+ index => "events-%{+YYYY.MM.DD}" # creates daily indexes
doc_as_upsert => true
}
Code Review / clamp.git / blobdiff