- setup.ilm.enabled: false
- setup.template.enabled: true
- setup.template.name: "{{ansible_hostname}}-log"
- setup.template.pattern: "{{ansible_hostname}}-log-*"
- setup.template.overwrite: true
- filebeat.inputs:
- - type: log
- enabled: true
- paths:
- - /var/log/auth.log
- - /var/log/messages
- - /user/local/etc/unbound/unbound.log
- processors:
- - dissect:
- tokenizer: "[%{date}] unbound[%{pid}:%{thread}] query: %{source_ip} %{domain}. %{record_type} IN"
- field: "message"
- ignore_failure: true # Ignore failures to allow the next processor to run
- - dissect:
- tokenizer: "[%{date}] unbound[%{pid}:%{thread}] reply: %{client_ip} %{query} %{query_type} %{query_class} %{response_code} %{resp
- onse_time} %{ttl} %{size}"
- field: message"
- ignore_failure: true # Ignore failures to allow the next processor to run
- output.elasticsearch:
- hosts: ["http://linux.service:5080"]
- timeout: 10
- path: "/api/default/"
- index: default
- username: "openobserve@unbl.ink"
- password: "{{openobserve_password}}"