Common
Status : core feature, unit tested and maintained.
- `only_type`: execute the filter / output plugin only on lines with the specified type. Example: `only_type=nginx`
- `only_field_exist_toto`: execute the filter / output plugin only on lines with a field `toto`. You can specify it multiple times; all fields have to exist.
- `only_field_equal_toto=aaa`: execute the filter / output plugin only on lines with a field `toto` with value `aaa`. You can specify it multiple times; all fields have to exist and have the specified value.
- `only_field_match_toto=aaa$`: execute the filter / output plugin only on lines with a field `toto` whose value matches the regular expression `aaa$`. You can specify it multiple times; all fields have to exist and match the regular expression.
As in logstash, you can have an event dependent configuration.
Example 1: use statsd output only for a given type.
```
output {
  if [type] == nginx {
    statsd {
      host => localhost
      port => 8125
      metric_type => increment
      metric_key => nginx.request
    }
  } else if [type] == apache {
    statsd {
      host => localhost
      port => 8125
      metric_type => increment
      metric_key => apache.request
    }
  }
}
```
As in logstash, you can use complex conditions: `if [loglevel] == "ERROR" and [deployment] == "production" {`
You can use the following comparison operators:
- equality: `==`, `!=`, `<`, `>`, `<=`, `>=`
- regexp: `=~`, `!~`
- inclusion: `in`, `not in`
The supported boolean operators are: `and`, `or`, `nand`, `xor`.
The supported unary operators are: `!`.
Conditions can be long and complex. You can use `if`, `elsif`, `else`. Conditions can contain other expressions; you can negate expressions with `!`, and you can group them with parentheses `(...)`.
Undefined fields can be detected with the `miss` operator against a user-defined value, default `undefined`:
```
if [correlation_id] miss "undefined" {
  compute_field {
    field => correlation_id
    value => '#{callid}'
  }
}
```
When a plugin param is a string, you can use string interpolation to reference line data:
- `#{message}` will return the full log line
- `#{type}` will return the type of the log line
- `#{toto}` will return the value of the field `toto`, which has to be extracted with a regex filter
- `2#{toto}` will return `2` followed by the value of the field `toto`.
- `#{now:YYYY}` will return the current year. `YYYY` is a date format passed to moment to format the current date.
Status : core feature, unit tested and maintained.
When you are in SSL mode (client or server), you can use all the parameters used by node for SSL / TLS, prefixed by `ssl_`.
You have to give a path for the certificate and key params; node-logstash will load them before initializing the SSL / TLS stack.
For example, for an HTTPS server: `ssl=true&ssl_cert=/path/to/cert&ssl_key=/path/to/key`
To use a certificate authority, add `&ssl_ca=/path/to/ca`.
To change SSL ciphers, add `ssl_ciphers=AES128-GCM-SHA256`.
To use a client certificate, add `ssl_cert=/client.cer&ssl_key=/client.key&ssl_ca=/tmp/ca.key`.
To ignore SSL errors, add `ssl_rejectUnauthorized=false`. With this setting, connections are accepted even when the peer certificate fails verification.
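
The `ssl_` prefix mapping described above can be checked before a configuration is deployed. The following is an added example, not node-logstash's own code: it turns a plugin parameter string into Node TLS options and reports settings that weaken the connection. The function name `sslOptionsFromQuery`, the findings it reports and the fake file reader are assumptions made for this illustration.

```javascript
// Added example, not node-logstash code: map ssl_* URL parameters to Node TLS options.
// Parameters the page says are file paths, loaded before the TLS stack starts.
const FILE_PARAMS = new Set(['cert', 'key', 'ca']);

// Default loader reads from disk; callers can inject a fake one for offline checks.
const loadFromDisk = (path) => require('fs').readFileSync(path);

// query: the parameter string of a plugin URL, e.g. 'ssl=true&ssl_cert=/path/to/cert'.
function sslOptionsFromQuery(query, readFile = loadFromDisk) {
  const params = new URLSearchParams(query);
  const result = { enabled: params.get('ssl') === 'true', options: {}, findings: [] };
  for (const [name, value] of params) {
    if (!name.startsWith('ssl_')) continue;
    const opt = name.slice('ssl_'.length); // ssl_ciphers -> ciphers
    if (FILE_PARAMS.has(opt)) result.options[opt] = readFile(value);
    else if (value === 'true' || value === 'false') result.options[opt] = value === 'true';
    else result.options[opt] = value;
  }
  const o = result.options;
  // A certificate without its private key (or the reverse) cannot be used.
  if (('cert' in o) !== ('key' in o)) {
    result.findings.push('ssl_cert and ssl_key must be given together');
  }
  // rejectUnauthorized=false accepts peers whose certificate fails verification.
  if (o.rejectUnauthorized === false) {
    result.findings.push('ssl_rejectUnauthorized=false: peer certificate is not verified');
  }
  return result;
}

// Constructed inputs; the fake reader stands in for real PEM files.
const fakeRead = (path) => `PEM(${path})`;
const strict = sslOptionsFromQuery(
  'ssl=true&ssl_cert=/client.cer&ssl_key=/client.key&ssl_ca=/tmp/ca.key&ssl_ciphers=AES128-GCM-SHA256',
  fakeRead);
const lax = sslOptionsFromQuery('ssl=true&ssl_rejectUnauthorized=false', fakeRead);
console.log(strict.options, strict.findings);
console.log(lax.options, lax.findings);
```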