New logstash configuration
fedelemantuano committed Jan 17, 2018
1 parent 4e4c117 commit 9bb0343
Showing 2 changed files with 25 additions and 70 deletions.
46 changes: 0 additions & 46 deletions logstash/logstash/pipeline/logstash.conf

This file was deleted.

49 changes: 25 additions & 24 deletions logstash/pipeline/logstash.conf
Expand Up @@ -3,44 +3,45 @@ input {
host => "redis"
data_type => "list"
key => "spamscope_mails"
type => "mails"
tags => ["mails"]
tags => ["mails", "analysis"]
}
redis {
host => "redis"
data_type => "list"
key => "spamscope_attachments"
type => "attachments"
tags => ["attachments"]
tags => ["attachments", "analysis"]
}
}

filter {
json { source => "message" }
if "analysis" in [tags] {
json { source => "message" }
date { match => [ "analisys_date", "ISO8601" ] }

date {
match => [ "analisys_date", "ISO8601" ]
}

if "mails" in [tags] {
geoip {
source => "sender_ip"
add_tag => [ "geoip" ]
if "mails" in [tags] {
geoip {
source => "sender_ip"
add_tag => [ "geoip" ]
}
}
}
}

output {
if "mails" in [tags] {
elasticsearch {
hosts => ["elasticsearch"]
index => "spamscope_mails-%{+YYYY.MM.dd}"
}
}
else if "attachments" in [tags] {
elasticsearch {
hosts => ["elasticsearch"]
index => "spamscope_attachments-%{+YYYY.MM.dd}"
}
if "analysis" in [tags] {
if "mails" in [tags] {
elasticsearch {
hosts => ["elasticsearch"]
index => "spamscope_mails-%{+YYYY.MM.dd}"
document_type => "analysis"
}
}
else if "attachments" in [tags] {
elasticsearch {
hosts => ["elasticsearch"]
index => "spamscope_attachments-%{+YYYY.MM.dd}"
document_type => "analysis"
}
}
}
}
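Review bot: The two `elasticsearch` outputs in the new `output` block set only `hosts`, `index` and `document_type`, so the mail and attachment analysis (including `sender_ip` and its geoip enrichment) is shipped without credentials or TLS, and the `redis` inputs at the top of the hunk likewise set no `password`. That is acceptable only if both services are reachable solely on a private container network, which this file cannot show. If the cluster has authentication enabled, consider `user => "${ES_USER}"`, `password => "${ES_PASSWORD}"` (placeholder variable names) and `ssl => true` on each output rather than inline secrets. Separately, an event whose `message` fails the `json` filter keeps the `analysis` tag and is still indexed; a guard such as `if "_jsonparsefailure" in [tags] { drop { } }`, or routing those events to a separate index, would keep malformed mail-derived payloads out of the analysis indices.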
