-
Notifications
You must be signed in to change notification settings - Fork 4.9k
/
pipeline.yml
108 lines (107 loc) · 2.74 KB
/
pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
description: Pipeline for parsing Kibana logs
on_failure:
- set:
field: error.message
value: '{{ _ingest.on_failure_message }}'
processors:
- set:
field: event.ingested
value: '{{_ingest.timestamp}}'
- set:
copy_from: '@timestamp'
field: event.created
- rename:
field: json
target_field: kibana.log.meta
- date:
field: kibana.log.meta.@timestamp
formats:
- ISO8601
target_field: '@timestamp'
- remove:
field: kibana.log.meta.@timestamp
- rename:
field: kibana.log.meta.message
target_field: message
- rename:
field: kibana.log.meta.state
target_field: kibana.log.state
ignore_missing: true
- rename:
field: kibana.log.meta.pid
target_field: process.pid
- rename:
field: kibana.log.meta.tags
target_field: kibana.log.tags
- rename:
field: kibana.log.meta.res.statusCode
target_field: http.response.status_code
ignore_missing: true
- script:
lang: painless
source: ctx.event.duration = Math.round(ctx.kibana.log.meta.res.responseTime * 1000000L)
if: ctx?.kibana?.log?.meta?.res?.responseTime != null
- remove:
field: kibana.log.meta.res.responseTime
ignore_missing: true
- rename:
field: kibana.log.meta.res.contentLength
target_field: http.response.body.bytes
ignore_missing: true
- rename:
field: kibana.log.meta.req.method
target_field: http.request.method
ignore_missing: true
- rename:
field: kibana.log.meta.req.headers.referer
target_field: http.request.referrer
ignore_missing: true
- rename:
field: kibana.log.meta.req.headers.user-agent
target_field: user_agent.original
ignore_missing: true
- rename:
field: kibana.log.meta.req.remoteAddress
target_field: source.address
ignore_missing: true
- set:
field: source.ip
value: '{{source.address}}'
ignore_empty_value: true
- rename:
field: kibana.log.meta.req.url
target_field: url.original
ignore_missing: true
- remove:
field: kibana.log.meta.req.referer
ignore_missing: true
- remove:
field: kibana.log.meta.statusCode
ignore_missing: true
- remove:
field: kibana.log.meta.method
ignore_missing: true
- append:
field: service.name
value: kibana
- set:
field: event.kind
value: event
- script:
lang: painless
source: >-
if (ctx?.kibana?.log?.state != null) {
if (ctx.kibana.log.state == "red") {
ctx.event.type = "error";
} else {
ctx.event.type = "info";
}
}
- set:
field: event.outcome
value: success
if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"
- set:
field: event.outcome
value: failure
if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400"