# CONFIGURED BY ANSIBLE
#
# Fluent Bit pipeline (classic config format, rendered by Ansible; every
# {{ ... }} token is a Jinja2 variable filled in at deploy time):
#   1. accept syslog records over UDP and tag them `nge`,
#   2. drop fields whose value is the literal `-` placeholder,
#   3. normalise a few field names and stamp the collecting host,
#   4. split compound fields with custom parsers (defined in the parsers
#      file, which is not part of this file),
#   5. ship everything to OpenSearch over TLS.

# Intake: unauthenticated UDP syslog bound to every interface. Nothing in
# this file restricts source addresses, and no `port` is set, so the
# plugin's default port applies. Any host that can reach that port can
# inject records into the `nge` stream — scope reachability with host or
# network firewalling, or bind `listen` to the expected interface.
# NOTE(review): confirm the intended exposure of this listener.
[INPUT]
    name                syslog
    mode                udp
    listen              0.0.0.0
    #parser             syslog-rfc3164-local
    parser              ngenix_syslog
    # remote address of the sender lands in this key (parsed further below)
    source_address_key  nge_edge
    tag                 nge
    alias               nge

# Each of the following filters removes one key only when its value is
# exactly `-` (looks like the nginx placeholder for an absent value — verify
# against the upstream log format). Keys with real values are untouched.
[FILTER]
    name       modify
    match      nge
    remove     gzip_ratio
    condition  key_value_equals gzip_ratio -

[FILTER]
    name       modify
    match      nge
    remove     http_referer
    condition  key_value_equals http_referer -

[FILTER]
    name       modify
    match      nge
    remove     upstream_cache_status
    condition  key_value_equals upstream_cache_status -

[FILTER]
    name       modify
    match      nge
    remove     upstream_response_length
    condition  key_value_equals upstream_response_length -

[FILTER]
    name       modify
    match      nge
    remove     upstream_response_time
    condition  key_value_equals upstream_response_time -

[FILTER]
    name       modify
    match      nge
    remove     upstream_status
    condition  key_value_equals upstream_status -

[FILTER]
    name       modify
    match      nge
    remove     upstream_addr
    condition  key_value_equals upstream_addr -

# Unconditional field normalisation. `sensor` identifies the Fluent Bit
# host that forwarded the record, which is distinct from the sending edge
# recorded in nge_edge.
[FILTER]
    name    modify
    match   nge
    # @timestamp is enough for logs
    remove  time_local
    # elasticsearch refuses host field
    rename  host vhost
    add     sensor {{inventory_hostname_short}}

# The parser filters below keep the original record (`reserve_data true`)
# and merge the parser's output into it. The parser names are defined
# elsewhere (parsers file) and are not visible here.

# provides upstream_ip upstream_port
[FILTER]
    name          parser
    match         nge
    key_name      upstream_addr
    parser        nge_custom_upstream
    reserve_data  true

# provides method path http_version
[FILTER]
    name          parser
    match         nge
    key_name      request
    parser        nge_split_request
    reserve_data  true

# provides page
# `preserve_key true` keeps the original `path` field alongside the parsed
# output instead of replacing it.
[FILTER]
    name          parser
    match         nge
    key_name      path
    parser        nge_strip_querystr
    reserve_data  true
    preserve_key  true

# provides nge_edge_ip
[FILTER]
    name          parser
    match         nge
    key_name      nge_edge
    parser        nge_edge_ip
    reserve_data  true

# Local file sink, kept for debugging; disabled.
#[OUTPUT]
#    name   file
#    match  nge
#    path   /var/log
#    file   fluent-bit.log

# Shipping to OpenSearch with HTTP basic auth over TLS.
# NOTE(review): `tls.verify off` disables certificate validation, so the
# connection is encrypted but the peer is not authenticated — an on-path
# attacker presenting any certificate would receive http_user/http_passwd
# and the full log stream. Prefer `tls.verify on` plus `tls.ca_file` pointing
# at the cluster's CA (a `TODO: <path-to-ca-bundle>` placeholder until the
# CA is provisioned); if the cluster uses a self-signed certificate, that is
# the reason this was turned off and the CA still needs to be distributed.
# The credential variables should be supplied from an encrypted source
# (e.g. Ansible Vault) rather than plain inventory — confirm with the
# playbook that renders this file.
[OUTPUT]
    name                opensearch
    match               nge
    host                {{log_host}}
    port                {{log_port}}
    tls                 on
    tls.verify          off
    http_user           {{log_http_cfuser}}
    http_passwd         {{log_http_cfpasswd}}
    # one index per environment
    index               nge-stream-{{env}}
    suppress_type_name  on
    # dots in field names would otherwise be interpreted as object paths
    replace_dots        on
    trace_error         on
    buffer_size         50MB
    compress            gzip