1 {%- if pillar.get('fluentd', {}).get('agent') %}
9 tag: elasticsearch.general
10 path: /var/log/elasticsearch/elasticsearch.log
11 pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.general.pos
12 format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] \[([^\]]*) *\] (?<Payload>.+)/'
13 tail_elasticsearch_deprecation:
15 tag: elasticsearch.deprecation
16 path: /var/log/elasticsearch/elasticsearch_deprecation.log
17 pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.deprecation.pos
18 format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
19 tail_elasticsearch_index_indexing_slowlog:
21 tag: elasticsearch.slowlog.indexing
22 path: /var/log/elasticsearch/elasticsearch_index_indexing_slowlog.log
23 pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.slowlog.indexing.pos
24 format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
25 tail_elasticsearch_index_search_slowlog:
27 tag: elasticsearch.slowlog.search
28 path: /var/log/elasticsearch/elasticsearch_index_search_slowlog.log
29 pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.slowlog.search.pos
30 format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
33 type: record_transformer
40 value: ${ {"WARN"=>4,"INFO"=>6,"DEBUG"=>7,"TRACE"=>7}[record["severity_label"]] }
41 - name: severity_label
42 value: ${ {"WARN"=>"WARNING","INFO"=>"INFO","DEBUG"=>"DEBUG","TRACE"=>"TRACE"}[record["severity_label"]] }