# Graylog pipeline, pipeline connection and pipeline rules for JSON log lines
# from kibana.service, written as a `resource` attribute set.
# NOTE(review): the layout looks like Terraform resources generated from Nix;
# confirm against whatever consumes this file.
with builtins; {
  resource = {

    # Attaches the "kibana" pipeline to the connection named `journald`.
    # The backslash stops Nix from interpolating, so the literal
    # ${graylog_pipeline.kibana.id} reference is emitted unchanged.
    # Only pipeline_ids is set here; presumably the stream for this connection
    # is defined elsewhere. TODO confirm.
    graylog_pipeline_connection = {
      journald = {
        pipeline_ids = [ "\${graylog_pipeline.kibana.id}" ];
      };
    };

    # Stage 10 runs the top-level JSON parse and stage 11 promotes the parsed
    # message text. The "parse request" and "parse response" rules defined
    # below are not referenced by this pipeline source, so nothing in this
    # file makes them run.
    graylog_pipeline = {
      kibana = {
        source = ''
          pipeline "kibana : parsing"
          stage 10 match either
          rule "kibana : parse level 1"
          stage 11 match either
          rule "kibana : parse message"
          end
        '';
      };
    };

    graylog_pipeline_rule = {

      # Applies to messages whose systemd_unit is "kibana.service": parses the
      # message body as JSON and copies its keys into fields prefixed "kibana_".
      # The field names come from the log payload itself. The prefix keeps them
      # away from un-prefixed fields, but nothing here limits how many distinct
      # fields a payload can create.
      # NOTE(review): check that index field limits cover this.
      kibanaLevel1 = {
        source = ''
          rule "kibana : parse level 1"
          when
          has_field("systemd_unit") && ($message.systemd_unit == "kibana.service")
          then
          let parsedJson = parse_json(to_string($message.message));
          set_fields(to_map(parsedJson),"kibana_");
          end
        '';
      };

      # Parses the kibana_req field as JSON into "kibana_req_"-prefixed fields.
      # Defined here but not listed in the "kibana : parsing" pipeline above.
      kibanaLevelRequest = {
        source = ''
          rule "kibana : parse request"
          when
          has_field("kibana_req")
          then
          let parsedJson = parse_json(to_string($message.kibana_req));
          set_fields(to_map(parsedJson),"kibana_req_");
          end
        '';
      };

      # Parses the kibana_res field as JSON into "kibana_res_"-prefixed fields.
      # Defined here but not listed in the "kibana : parsing" pipeline above.
      kibanaLevelResponse = {
        source = ''
          rule "kibana : parse response"
          when
          has_field("kibana_res")
          then
          let parsedJson = parse_json(to_string($message.kibana_res));
          set_fields(to_map(parsedJson),"kibana_res_");
          end
        '';
      };

      # Replaces the `message` field with kibana_message. The raw JSON line
      # held in `message` is overwritten at this point, so only the extracted
      # kibana_* fields remain for later investigation.
      kibanaLevelMessage = {
        source = ''
          rule "kibana : parse message"
          when
          has_field("kibana_message")
          then
          set_field("message", $message.kibana_message);
          end
        '';
      };

    };

  };
}