| Dmitry Kalashnik | 541ffb4 | 2019-04-16 15:26:21 +0400 | [diff] [blame^] | 1 | parameters: |
| 2 | fluentd: |
| 3 | agent: |
| 4 | config: |
| 5 | label: |
| 6 | audit_messages: |
| 7 | filter: |
| 8 | get_payload_values: |
| 9 | tag: audit |
| 10 | type: record_transformer |
| 11 | enable_ruby: true |
| 12 | record: |
| 13 | - name: Logger |
| 14 | value: ${fluentd:dollar}{ record.dig("publisher_id") } |
| 15 | - name: Severity |
| 16 | value: ${fluentd:dollar}{ {'TRACE'=>7,'DEBUG'=>7,'INFO'=>6,'AUDIT'=>6,'WARNING'=>4,'ERROR'=>3,'CRITICAL'=>2}[record['priority']].to_i } |
| 17 | - name: Timestamp |
| 18 | value: ${fluentd:dollar}{ DateTime.strptime(record.dig("payload", "eventTime"), "%Y-%m-%dT%H:%M:%S.%N%z").strftime("%Y-%m-%dT%H:%M:%S.%3NZ") } |
| 19 | - name: notification_type |
| 20 | value: ${fluentd:dollar}{ record.dig("event_type") } |
| 21 | - name: severity_label |
| 22 | value: ${fluentd:dollar}{ record.dig("priority") } |
| 23 | - name: environment_label |
| 24 | value: ${_param:cluster_domain} |
| 25 | |
| 26 | - name: action |
| 27 | value: ${fluentd:dollar}{ record.dig("payload", "action") } |
| 28 | - name: event_type |
| 29 | value: ${fluentd:dollar}{ record.dig("payload", "eventType") } |
| 30 | - name: outcome |
| 31 | value: ${fluentd:dollar}{ record.dig("payload", "outcome") } |
| 32 | pack_payload_to_json: |
| 33 | tag: audit |
| 34 | require: |
| 35 | - get_payload_values |
| 36 | type: record_transformer |
| 37 | enable_ruby: true |
| 38 | remove_keys: '["payload", "timestamp", "publisher_id", "priority"]' |
| 39 | record: |
| 40 | - name: Payload |
| 41 | value: ${fluentd:dollar}{ record["payload"].to_json } |
| 42 | match: |
| 43 | audit_output: |
| 44 | tag: audit |
| 45 | type: elasticsearch |
| 46 | host: ${_param:stacklight_log_address} |
| 47 | port: ${_param:stacklight_elasticsearch_port} |
| 48 | es_index_name: audit |
| 49 | tag_key: Type |