Defined Type: logstash::input::elasticsearch

Defined in:
manifests/input/elasticsearch.pp

Overview

Define: logstash::input::elasticsearch

Read from elasticsearch.  This is useful for replay testing logs,
reindexing, etc.  Example:  input {   # Read all documents from
elasticsearch matching the given query   elasticsearch {     host
=> "localhost"     query => "ERROR"   } }   TODO(sissel):
configurable scroll timeout TODO(sissel): Option to keep the index,
type, and doc id so we can do reindexing?

Parameters

add_field

Add a field to an event Value type is hash Default value: {} This variable is optional

charset

The character encoding used in this input. Examples include “UTF-8” and “cp1252” This setting is useful if your log files are in Latin-1 (aka cp1252) or in another character set other than UTF-8. This only affects “plain” format logs since json is UTF-8 already. Value can be any of: “ASCII-8BIT”, “UTF-8”, “US-ASCII”, “Big5”, “Big5-HKSCS”, “Big5-UAO”, “CP949”, “Emacs-Mule”, “EUC-JP”, “EUC-KR”, “EUC-TW”, “GB18030”, “GBK”, “ISO-8859-1”, “ISO-8859-2”, “ISO-8859-3”, “ISO-8859-4”, “ISO-8859-5”, “ISO-8859-6”, “ISO-8859-7”, “ISO-8859-8”, “ISO-8859-9”, “ISO-8859-10”, “ISO-8859-11”, “ISO-8859-13”, “ISO-8859-14”, “ISO-8859-15”, “ISO-8859-16”, “KOI8-R”, “KOI8-U”, “Shift_JIS”, “UTF-16BE”, “UTF-16LE”, “UTF-32BE”, “UTF-32LE”, “Windows-1251”, “BINARY”, “IBM437”, “CP437”, “IBM737”, “CP737”, “IBM775”, “CP775”, “CP850”, “IBM850”, “IBM852”, “CP852”, “IBM855”, “CP855”, “IBM857”, “CP857”, “IBM860”, “CP860”, “IBM861”, “CP861”, “IBM862”, “CP862”, “IBM863”, “CP863”, “IBM864”, “CP864”, “IBM865”, “CP865”, “IBM866”, “CP866”, “IBM869”, “CP869”, “Windows-1258”, “CP1258”, “GB1988”, “macCentEuro”, “macCroatian”, “macCyrillic”, “macGreek”, “macIceland”, “macRoman”, “macRomania”, “macThai”, “macTurkish”, “macUkraine”, “CP950”, “Big5-HKSCS:2008”, “CP951”, “stateless-ISO-2022-JP”, “eucJP”, “eucJP-ms”, “euc-jp-ms”, “CP51932”, “eucKR”, “eucTW”, “GB2312”, “EUC-CN”, “eucCN”, “GB12345”, “CP936”, “ISO-2022-JP”, “ISO2022-JP”, “ISO-2022-JP-2”, “ISO2022-JP2”, “CP50220”, “CP50221”, “ISO8859-1”, “Windows-1252”, “CP1252”, “ISO8859-2”, “Windows-1250”, “CP1250”, “ISO8859-3”, “ISO8859-4”, “ISO8859-5”, “ISO8859-6”, “Windows-1256”, “CP1256”, “ISO8859-7”, “Windows-1253”, “CP1253”, “ISO8859-8”, “Windows-1255”, “CP1255”, “ISO8859-9”, “Windows-1254”, “CP1254”, “ISO8859-10”, “ISO8859-11”, “TIS-620”, “Windows-874”, “CP874”, “ISO8859-13”, “Windows-1257”, “CP1257”, “ISO8859-14”, “ISO8859-15”, “ISO8859-16”, “CP878”, “Windows-31J”, “CP932”, “csWindows31J”, “SJIS”, “PCK”, “MacJapanese”, “MacJapan”, “ASCII”, “ANSI_X3.4-1968”, “646”, “UTF-7”, “CP65000”, “CP65001”, “UTF8-MAC”, “UTF-8-MAC”, “UTF-8-HFS”, “UTF-16”, “UTF-32”, “UCS-2BE”, “UCS-4BE”, “UCS-4LE”, “CP1251”, “UTF8-DoCoMo”, “SJIS-DoCoMo”, “UTF8-KDDI”, “SJIS-KDDI”, “ISO-2022-JP-KDDI”, “stateless-ISO-2022-JP-KDDI”, “UTF8-SoftBank”, “SJIS-SoftBank”, “locale”, “external”, “filesystem”, “internal” Default value: “UTF-8” This variable is optional

debug

Set this to true to enable debugging on an input. Value type is boolean Default value: false This variable is optional

format

The format of input data (plain, json, json_event) Value can be any of: “plain”, “json”, “json_event”, “msgpack_event” Default value: None This variable is optional

host

When mode is server, the address to listen on. When mode is client, the address to connect to. Value type is string Default value: “0.0.0.0” This variable is optional

index

Value type is string Default value: “*” This variable is optional

message_format

If format is “json”, an event sprintf string to build what the display @message should be given (defaults to the raw JSON). sprintf format strings look like %fieldname or %@metadata. If format is “json_event”, ALL fields except for @type are expected to be present. Not receiving all fields will cause unexpected results. Value type is string Default value: None This variable is optional

port

When mode is server, the port to listen on. When mode is client, the port to connect to. Value type is number Default value: 9200 This variable is optional

query

Value type is string Default value: “*” This variable is optional

tags

Add any number of arbitrary tags to your event. This can help with processing later. Value type is array Default value: None This variable is optional

type

Label this input with a type. Types are used mainly for filter activation. If you create an input with type “foobar”, then only filters which also have type “foobar” will act on them. The type is also stored as part of the event itself, so you can also use the type to search for in the web interface. If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another LogStash server. Value type is string Default value: None This variable is required

instances

Array of instance names to which this define is. Value type is array Default value: [ ‘array’ ] This variable is optional

Extra information

This define is created based on LogStash version 1.1.12
Extra information about this input can be found at:
http://logstash.net/docs/1.1.12/inputs/elasticsearch

Need help? http://logstash.net/docs/1.1.12/learn

Authors

Parameters:

  • type (Any)
  • message_format (Any) (defaults to: '')
  • debug (Any) (defaults to: '')
  • format (Any) (defaults to: '')
  • host (Any) (defaults to: '')
  • index (Any) (defaults to: '')
  • charset (Any) (defaults to: '')
  • port (Any) (defaults to: '')
  • query (Any) (defaults to: '')
  • tags (Any) (defaults to: '')
  • add_field (Any) (defaults to: '')
  • instances (Any) (defaults to: [ 'agent' ]) 


144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
 
# File 'manifests/input/elasticsearch.pp', line 144

define logstash::input::elasticsearch (
  $type,
  $message_format = '',
  $debug          = '',
  $format         = '',
  $host           = '',
  $index          = '',
  $charset        = '',
  $port           = '',
  $query          = '',
  $tags           = '',
  $add_field      = '',
  $instances      = [ 'agent' ]
) {

  require logstash::params

  File {
    owner => $logstash::logstash_user,
    group => $logstash::logstash_group
  }

  if $logstash::multi_instance == true {

    $confdirstart = prefix($instances, "${logstash::configdir}/")
    $conffiles    = suffix($confdirstart, "/config/input_elasticsearch_${name}")
    $services     = prefix($instances, 'logstash-')
    $filesdir     = "${logstash::configdir}/files/input/elasticsearch/${name}"

  } else {

    $conffiles = "${logstash::configdir}/conf.d/input_elasticsearch_${name}"
    $services  = 'logstash'
    $filesdir  = "${logstash::configdir}/files/input/elasticsearch/${name}"

  }

  #### Validate parameters

  validate_array($instances)

  if ($tags != '') {
    validate_array($tags)
    $arr_tags = join($tags, '\', \'')
    $opt_tags = "  tags => ['${arr_tags}']\n"
  }

  if ($debug != '') {
    validate_bool($debug)
    $opt_debug = "  debug => ${debug}\n"
  }

  if ($add_field != '') {
    validate_hash($add_field)
    $var_add_field = $add_field
    $arr_add_field = inline_template('<%= "["+var_add_field.sort.collect { |k,v| "\"#{k}\", \"#{v}\"" }.join(", ")+"]" %>')
    $opt_add_field = "  add_field => ${arr_add_field}\n"
  }

  if ($port != '') {
    if ! is_numeric($port) {
      fail("\"${port}\" is not a valid port parameter value")
    } else {
      $opt_port = "  port => ${port}\n"
    }
  }

  if ($charset != '') {
    if ! ($charset in ['ASCII-8BIT', 'UTF-8', 'US-ASCII', 'Big5', 'Big5-HKSCS', 'Big5-UAO', 'CP949', 'Emacs-Mule', 'EUC-JP', 'EUC-KR', 'EUC-TW', 'GB18030', 'GBK', 'ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4', 'ISO-8859-5', 'ISO-8859-6', 'ISO-8859-7', 'ISO-8859-8', 'ISO-8859-9', 'ISO-8859-10', 'ISO-8859-11', 'ISO-8859-13', 'ISO-8859-14', 'ISO-8859-15', 'ISO-8859-16', 'KOI8-R', 'KOI8-U', 'Shift_JIS', 'UTF-16BE', 'UTF-16LE', 'UTF-32BE', 'UTF-32LE', 'Windows-1251', 'BINARY', 'IBM437', 'CP437', 'IBM737', 'CP737', 'IBM775', 'CP775', 'CP850', 'IBM850', 'IBM852', 'CP852', 'IBM855', 'CP855', 'IBM857', 'CP857', 'IBM860', 'CP860', 'IBM861', 'CP861', 'IBM862', 'CP862', 'IBM863', 'CP863', 'IBM864', 'CP864', 'IBM865', 'CP865', 'IBM866', 'CP866', 'IBM869', 'CP869', 'Windows-1258', 'CP1258', 'GB1988', 'macCentEuro', 'macCroatian', 'macCyrillic', 'macGreek', 'macIceland', 'macRoman', 'macRomania', 'macThai', 'macTurkish', 'macUkraine', 'CP950', 'Big5-HKSCS:2008', 'CP951', 'stateless-ISO-2022-JP', 'eucJP', 'eucJP-ms', 'euc-jp-ms', 'CP51932', 'eucKR', 'eucTW', 'GB2312', 'EUC-CN', 'eucCN', 'GB12345', 'CP936', 'ISO-2022-JP', 'ISO2022-JP', 'ISO-2022-JP-2', 'ISO2022-JP2', 'CP50220', 'CP50221', 'ISO8859-1', 'Windows-1252', 'CP1252', 'ISO8859-2', 'Windows-1250', 'CP1250', 'ISO8859-3', 'ISO8859-4', 'ISO8859-5', 'ISO8859-6', 'Windows-1256', 'CP1256', 'ISO8859-7', 'Windows-1253', 'CP1253', 'ISO8859-8', 'Windows-1255', 'CP1255', 'ISO8859-9', 'Windows-1254', 'CP1254', 'ISO8859-10', 'ISO8859-11', 'TIS-620', 'Windows-874', 'CP874', 'ISO8859-13', 'Windows-1257', 'CP1257', 'ISO8859-14', 'ISO8859-15', 'ISO8859-16', 'CP878', 'Windows-31J', 'CP932', 'csWindows31J', 'SJIS', 'PCK', 'MacJapanese', 'MacJapan', 'ASCII', 'ANSI_X3.4-1968', '646', 'UTF-7', 'CP65000', 'CP65001', 'UTF8-MAC', 'UTF-8-MAC', 'UTF-8-HFS', 'UTF-16', 'UTF-32', 'UCS-2BE', 'UCS-4BE', 'UCS-4LE', 'CP1251', 'UTF8-DoCoMo', 'SJIS-DoCoMo', 'UTF8-KDDI', 'SJIS-KDDI', 'ISO-2022-JP-KDDI', 'stateless-ISO-2022-JP-KDDI', 'UTF8-SoftBank', 'SJIS-SoftBank', 'locale', 'external', 'filesystem', 'internal']) {
      fail("\"${charset}\" is not a valid charset parameter value")
    } else {
      $opt_charset = "  charset => \"${charset}\"\n"
    }
  }

  if ($format != '') {
    if ! ($format in ['plain', 'json', 'json_event', 'msgpack_event']) {
      fail("\"${format}\" is not a valid format parameter value")
    } else {
      $opt_format = "  format => \"${format}\"\n"
    }
  }

  if ($query != '') {
    validate_string($query)
    $opt_query = "  query => \"${query}\"\n"
  }

  if ($host != '') {
    validate_string($host)
    $opt_host = "  host => \"${host}\"\n"
  }

  if ($index != '') {
    validate_string($index)
    $opt_index = "  index => \"${index}\"\n"
  }

  if ($type != '') {
    validate_string($type)
    $opt_type = "  type => \"${type}\"\n"
  }

  if ($message_format != '') {
    validate_string($message_format)
    $opt_message_format = "  message_format => \"${message_format}\"\n"
  }

  #### Write config file

  file { $conffiles:
    ensure  => present,
    content => "input {\n elasticsearch {\n${opt_add_field}${opt_charset}${opt_debug}${opt_format}${opt_host}${opt_index}${opt_message_format}${opt_port}${opt_query}${opt_tags}${opt_type} }\n}\n",
    mode    => '0440',
    notify  => Service[$services],
    require => Class['logstash::package', 'logstash::config']
  }
}