dashboard/files/xdata.conf - incubator-flagon-user-ale - Git at Google

 input {
   file {
     codec => "json"
     path => [
       "/var/log/xdata/xdata-old.log",
       "/var/log/xdata/xdata-v2.log",
       "/var/log/xdata/xdata-v3.log"
     ]
     start_position => beginning
   }
 }

 filter {
   grok {
     match => [ "apiVersion", "(?<major_ver>\d+).(?<minor_ver>\d+)(.(?<patch_ver>\d+))?" ]
   }

   grok {
     match => [ "useraleVersion", "(?<major_ver>\d+).(?<minor_ver>\d+)(.(?<patch_ver>\d+))?" ]
   }

   mutate {
     convert => { "major_ver" => "integer" }
     convert => { "minor_ver" => "integer" }
     convert => { "patch_ver" => "integer" }
   }
 }

 output {
   if [oid] {
     elasticsearch {
       index => xdata_old
       host => localhost
       index_type => testing
     }
   } else if [major_ver] > 2 {
     elasticsearch {
       index => xdata_v3
       host => localhost
       index_type => testing
     }
   } else {
     elasticsearch {
       index => xdata_v2
       host => localhost
       index_type => testing
     }
   }
   stdout { codec => rubydebug }
 }
	input {
	file {
	codec => "json"
	path => [
	"/var/log/xdata/xdata-old.log",
	"/var/log/xdata/xdata-v2.log",
	"/var/log/xdata/xdata-v3.log"
	]
	start_position => beginning
	}
	}

	filter {
	grok {
	match => [ "apiVersion", "(?<major_ver>\d+).(?<minor_ver>\d+)(.(?<patch_ver>\d+))?" ]
	}

	grok {
	match => [ "useraleVersion", "(?<major_ver>\d+).(?<minor_ver>\d+)(.(?<patch_ver>\d+))?" ]
	}

	mutate {
	convert => { "major_ver" => "integer" }
	convert => { "minor_ver" => "integer" }
	convert => { "patch_ver" => "integer" }
	}
	}

	output {
	if [oid] {
	elasticsearch {
	index => xdata_old
	host => localhost
	index_type => testing
	}
	} else if [major_ver] > 2 {
	elasticsearch {
	index => xdata_v3
	host => localhost
	index_type => testing
	}
	} else {
	elasticsearch {
	index => xdata_v2
	host => localhost
	index_type => testing
	}
	}
	stdout { codec => rubydebug }
	}