| input { |
| file { |
| codec => "json" |
| path => [ |
| "/var/log/xdata/xdata-old.log", |
| "/var/log/xdata/xdata-v2.log", |
| "/var/log/xdata/xdata-v3.log" |
| ] |
| start_position => beginning |
| } |
| } |
| |
| filter { |
| grok { |
| match => [ "apiVersion", "(?<major_ver>\d+).(?<minor_ver>\d+)(.(?<patch_ver>\d+))?" ] |
| } |
| |
| grok { |
| match => [ "useraleVersion", "(?<major_ver>\d+).(?<minor_ver>\d+)(.(?<patch_ver>\d+))?" ] |
| } |
| |
| mutate { |
| convert => { "major_ver" => "integer" } |
| convert => { "minor_ver" => "integer" } |
| convert => { "patch_ver" => "integer" } |
| } |
| } |
| |
| output { |
| if [oid] { |
| elasticsearch { |
| index => xdata_old |
| host => localhost |
| index_type => testing |
| } |
| } else if [major_ver] > 2 { |
| elasticsearch { |
| index => xdata_v3 |
| host => localhost |
| index_type => testing |
| } |
| } else { |
| elasticsearch { |
| index => xdata_v2 |
| host => localhost |
| index_type => testing |
| } |
| } |
| stdout { codec => rubydebug } |
| } |
| |