Enable SSL for logstash beats input plugin

[chef.git] / cookbooks / logstash / templates / default / logstash.conf.erb

diff --git a/cookbooks/logstash/templates/default/logstash.conf.erb b/cookbooks/logstash/templates/default/logstash.conf.erb
index 0ddab7b2fc651e5fff1bc993b520a52ab5de6786..cbc8c909bb89543cc3cebd638bead0e3a3998626 100644 (file)
--- a/cookbooks/logstash/templates/default/logstash.conf.erb
+++ b/cookbooks/logstash/templates/default/logstash.conf.erb
@@ -1,8 +1,9 @@
 input {
-  lumberjack {
-    port => 5043
-    ssl_certificate => "/var/lib/logstash/lumberjack.crt"
-    ssl_key => "/var/lib/logstash/lumberjack.key"
+  beats {
+    port => 5044
+    ssl => true
+    ssl_certificate => "/var/lib/logstash/beats.crt"
+    ssl_key => "/var/lib/logstash/beats.key"
   }
 }
 
@@ -14,6 +15,24 @@ filter {
     date {
       match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
     }
+    if [agent] == "-" {
+      mutate {
+        remove_field => [ "agent" ]
+      }
+    } else {
+      useragent {
+        source => "agent"
+        target => "useragent"
+      }
+      grok {
+        match => { "agent" => "%{JOSM:[useragent][name]=JOSM}/%{POSINT:[useragent][major]}\.%{POSINT:[useragent][minor]} \(%{POSINT:[useragent][patch]} \w+\) " }
+        overwrite => [ "[useragent][name]", "[useragent][major]", "[useragent][minor]", "[useragent][patch]" ]
+        tag_on_failure => []
+      }
+      mutate {
+        rename => { "agent" => "[useragent][raw]" }
+      }
+    }
   } else if [type] == "rails" {
     json {
       source => "message"
@@ -25,12 +44,36 @@ filter {
         "[parameters][utf8]"
       ]
     }
+    if [duration] {
+      ruby {
+        code => "event['duration'] = Integer(event['duration'] * 1000000)"
+      }
+    }
+    if [db] {
+      ruby {
+        code => "event['db'] = Integer(event['db'] * 1000000)"
+      }
+    }
+    if [view] {
+      ruby {
+        code => "event['view'] = Integer(event['view'] * 1000000)"
+      }
+    }
+  }
+
+  if [host] =~ /^spike-/ {
+    mutate {
+      add_tag => [ "frontend" ]
+    }
+  } else if [host] =~ /^thorn-/ {
+    mutate {
+      add_tag => [ "backend" ]
+    }
   }
 }
 
 output {
   elasticsearch {
-    host => [ "127.0.0.1" ]
-    cluster => "<%= node[:elasticsearch][:cluster][:name] %>"
+    hosts => [ "127.0.0.1" ]
   }
 }