Parse user agent details

[chef.git] / cookbooks / logstash / templates / default / logstash.conf.erb

diff --git a/cookbooks/logstash/templates/default/logstash.conf.erb b/cookbooks/logstash/templates/default/logstash.conf.erb
index f6c207a61d09de6360811b8a5a3b1b8f2c93a6e1..c036c1f7aab61c23e38b05edcd2198b59df863ad 100644 (file)
--- a/cookbooks/logstash/templates/default/logstash.conf.erb
+++ b/cookbooks/logstash/templates/default/logstash.conf.erb
@@ -9,14 +9,34 @@ input {
 filter {
   if [type] == "apache" {
     grok {
-      match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{WORD:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ]
+      match => [ "message", "%{COMBINEDAPACHELOG} %{NUMBER:duration:int}us %{NOTSPACE:request_id} %{NOTSPACE:ssl_protocol} %{NOTSPACE:ssl_cipher}" ]
     }
     date {
       match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
     }
+    if [agent] == "-" {
+      mutate {
+        remove_field => [ "agent" ]
+      }
+    } else {
+      useragent {
+        source => "agent"
+        target => "useragent"
+      }
+      mutate {
+        rename => { "agent" => "[useragent][raw]" }
+      }
+    }
   } else if [type] == "rails" {
     json {
       source => "message"
+      remove_field => [
+        "message",
+        "[parameters][authenticity_token]",
+        "[parameters][pass_crypt]",
+        "[parameters][pass_crypt_confirmation]",
+        "[parameters][utf8]"
+      ]
     }
   }
 }
@@ -24,5 +44,6 @@ filter {
 output {
   elasticsearch {
     host => [ "127.0.0.1" ]
+    cluster => "<%= node[:elasticsearch][:cluster][:name] %>"
   }
 }