-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy path40-grafana.conf
99 lines (90 loc) · 3.65 KB
/
40-grafana.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
filter {
if [fields][beats_output] == "grafana" {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => { "message" => "%{GRAFANA}" }
overwrite => ["message"]
}
if [grafana][logger] =~ /^alerting\.resultHandler$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_ALERTING_RESULT}$" ]
tag_on_failure => [ "_grok_grafana_alerting_resultHandler_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^alerting\.evalContext$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_ALERTING_EVAL}$" ]
tag_on_failure => [ "_grok_grafana_evalContext_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^sqlstore$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_SQLSTORE}$" ]
tag_on_failure => [ "_grok_grafana_sqlstore_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^plugins$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_PLUGINS}$" ]
tag_on_failure => [ "_grok_grafana_plugins_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^plugins\.backend$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_PLUGINS_BACKEND}$" ]
tag_on_failure => [ "_grok_grafana_plugins_backend_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^http\.server$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_HTTP_SERVER}$" ]
tag_on_failure => [ "_grok_grafana_http_server_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^data-proxy-log$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_DATA_PROXY_LOG}$" ]
tag_on_failure => [ "_grok_grafana_data_proxy_log_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
} else if [grafana][logger] =~ /^context$/ {
grok {
patterns_dir => "/etc/logstash/patterns.d"
match => [ "message", "^%{GRAFANA_CONTEXT_ALL}$" ]
tag_on_failure => [ "_grok_grafana_context_nomatch" ]
add_tag => [ "_grok_grafana_success" ]
}
}
date {
match => [ "[grafana][timestamp]", "ISO8601" ]
timezone => "Europe/Berlin"
locale => "de"
target => "timestamp"
remove_field => ["[grafana][timestamp]"]
}
if [grafana][error][remote][addr] {
geoip {
source => "[grafana][error][remote][addr]"
target => "[grafana][error][geoip]"
}
mutate {
add_field => {"[grafana][error][remote][hostname]" => "%{[grafana][error][remote][addr]}"}
}
dns {
reverse => [ "[grafana][error][remote][hostname]" ]
action => "replace"
hit_cache_size => 8000
hit_cache_ttl => 300
failed_cache_size => 1000
failed_cache_ttl => 300
}
}
}
}