input {
jdbc {
jdbc_driver_library => "/usr/share/java/mysql-connector-java.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://netkiller:3306/cms"
jdbc_user => "cms"
jdbc_password => ""
schedule => "* * * * *"
statement => "select * from article"
}
}
filter{
json{
source => "message"
}
ruby{
code =>"event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
}
ruby{
code =>"event.set('@timestamp',event.get('timestamp'))"
}
mutate{
remove_field => ["timestamp"]
}
mutate{
add_field => { "searchDay" => "%{+YYYY-MM-dd}"}
add_field => { "searchHours" => "%{+YYYY-MM-dd HH}"}
}
mutate{
remove_field => "message"
remove_field => "thread_name"
remove_field => "port"
remove_field => "level"
remove_field => "HOSTNAME"
remove_field => "host"
remove_field => "@version"
remove_field => "level_value"
}
}
output{
elasticsearch {
hosts => ["127.0.0.1:9200"]
index =>"%{[appname]}-%{+YYYY.MM.dd}"
manage_template => false
template_name => "policy_lowsprices"
document_id=> "%{UUID}"
}
stdout { codec => rubydebug }
}