# CONFIGURED BY ANSIBLE
# Fluent Bit pipeline: tails Cloudflare Instant Logs JSON files (one tag per
# zone), adds GeoIP fields for the edge server plus a sensor label, and ships
# each zone to its own OpenSearch index.
# NOTE(review): this is an Ansible template, so the rendered file holds the
# OpenSearch password in clear text. Confirm the deployed file is readable only
# by the Fluent Bit service account and that the credential variables come from
# an encrypted store (e.g. Ansible Vault).

# NOTE(review): none of the tail inputs sets `db`, so read offsets are not
# persisted across restarts; with the default read position, lines written
# while Fluent Bit is stopped may never be shipped. Confirm that gap is
# acceptable for these logs.
# The json_no_time parser is defined outside this file.

[INPUT]
    name tail
    tag cf.kzn
    # NOTE(review): "kznexpess" may be a misspelling - check it against the
    # file names actually written; a glob that matches nothing presumably just
    # leaves this input idle without an error.
    path /data/cloudflare-instant-logs/kznexpess.com-*.json
    parser json_no_time

[INPUT]
    name tail
    tag cf.ru
    path /data/cloudflare-instant-logs/kazanexpress.ru-*.json
    parser json_no_time

[INPUT]
    name tail
    tag cf.mm
    path /data/cloudflare-instant-logs/mm.ru-*.json
    parser json_no_time

# Source-IP GeoIP enrichment is skipped: the records already carry ClientCountry.
# Destination-IP (CDN edge) enrichment from the mmdb is done below.
# Warning: EdgeServerIP is sometimes empty or 0.0.0.0.
[FILTER]
    name geoip2
    match cf.*
    database /etc/fluent-bit/GeoLite2-City.mmdb
    lookup_key EdgeServerIP
    # City and country names are taken in their Russian ("ru") form.
    record destination_city_name EdgeServerIP %{city.names.ru}
    record destination_country_name EdgeServerIP %{country.names.ru}
    # The nest_ prefix marks these two keys for the nest filter that follows.
    record nest_lat EdgeServerIP %{location.latitude}
    record nest_lon EdgeServerIP %{location.longitude}
    # Logging for this filter instance is switched off, presumably to silence
    # lookup failures on empty / 0.0.0.0 addresses - confirm.
    # NOTE(review): with logging off, a missing or unreadable database would
    # presumably go unnoticed as well.
    #log_level error
    log_level off

# Groups nest_lat / nest_lon under destination_location as lat / lon
# (presumably to match a geo_point mapping in the index - confirm).
[FILTER]
    name nest
    match cf.*
    operation nest
    wildcard nest_*
    remove_prefix nest_
    nest_under destination_location

# Label every record with zone@host. `add` only sets the key when the record
# does not already have a sensor field.
[FILTER]
    name modify
    match cf.kzn
    add sensor kzn@{{inventory_hostname_short}}

[FILTER]
    name modify
    match cf.ru
    add sensor ru@{{inventory_hostname_short}}

[FILTER]
    name modify
    match cf.mm
    add sensor mm@{{inventory_hostname_short}}

# Local file output, disabled.
#[OUTPUT]
#    name file
#    match cf.kzn
#    match cf.ru
#    match cf.mm
#    path /var/log
#    file fluent-bit.log

# One OpenSearch output per zone; the three sections differ only in match,
# index and buffer_size. TLS is on with certificate verification, and HTTP
# basic-auth credentials are filled in from Ansible variables.
[OUTPUT]
    name opensearch
    match cf.kzn
    host {{log_host}}
    port {{log_port}}
    tls on
    tls.verify on
    http_user {{log_http_cfuser}}
    http_passwd {{log_http_cfpasswd}}
    index cloudflare-kzn
    suppress_type_name on
    #replace_dots on
    # NOTE(review): trace_error is documented as a diagnostic aid that prints
    # the OpenSearch request/response when the API returns an error; that would
    # put log record contents into Fluent Bit's own log. Confirm it is meant to
    # stay on, here and in the two outputs below.
    trace_error on
    # NOTE(review): 1M here, 3M in the other two outputs - confirm intentional.
    buffer_size 1M
    compress gzip

[OUTPUT]
    name opensearch
    match cf.ru
    host {{log_host}}
    port {{log_port}}
    tls on
    tls.verify on
    http_user {{log_http_cfuser}}
    http_passwd {{log_http_cfpasswd}}
    index cloudflare-ru
    suppress_type_name on
    #replace_dots on
    trace_error on
    buffer_size 3M
    compress gzip

[OUTPUT]
    name opensearch
    match cf.mm
    host {{log_host}}
    port {{log_port}}
    tls on
    tls.verify on
    http_user {{log_http_cfuser}}
    http_passwd {{log_http_cfpasswd}}
    index cloudflare-mm
    suppress_type_name on
    #replace_dots on
    trace_error on
    buffer_size 3M
    compress gzip