Commit d4a4f0aa authored by Snorre Magnus Davøen's avatar Snorre Magnus Davøen 💬

Add missing contents in elk/pipeline.conf file.

Signed-off-by: Snorre Magnus Davøen's avatarSnorre Magnus Davøen <snorre.davoen@nsd.no>
parent 4cddeb4f
input {
gelf {
host => "0.0.0.0"
port => 5001
# It is possible to add fields that help with filtering and output
add_field => {
origin => "docker"
}
}
}
filter {
if [origin] == "docker" {
json {
source => "message"
skip_on_invalid_json => true
}
}
}
output {
if [origin] == "docker" {
elasticsearch {
hosts => "elasticsearch:9200"
index => "modsecurity-%{+YYYY.MM.dd}"
}
} else if [origin] == "beat" {
elasticsearch {
hosts => "elasticsearch:9200"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
}
\ No newline at end of file
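Review bot: The `json` filter in the `filter` block has no `target`, so keys parsed from `message` are merged into the event root and can overwrite fields such as `origin`, which the `output` conditionals use for routing; adding `target => "modsecurity"` (the field name is a suggestion) would keep parsed log content in its own namespace. The `gelf` input listens on `0.0.0.0` port 5001, and GELF has no authentication, so any host that can reach the port can write events tagged `origin => "docker"` into the `modsecurity-*` index. If only local containers send here, bind `host` to the Docker-facing address or restrict the port at the network level. Nothing in this file sets `origin` to "beat", so the `else if` branch looks unreachable unless another pipeline file supplies it; a comment naming where beat events come from would help.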