-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathwind.conf
More file actions
executable file
·79 lines (53 loc) · 2.13 KB
/
wind.conf
File metadata and controls
executable file
·79 lines (53 loc) · 2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
input {
file {
path => "/opt/window/*"
start_position => "beginning"
ignore_older => 0
type => "w"
sincedb_path => "/dev/null"
}
}
filter {
if [type] == "w" {
csv {
separator => ","
columns => ["Name", "Configuration|Hardware|Number of virtual CPUs", "Max CPU|Usage (%)", "CPU|Usage (%)", "CPU|CPU Contention (%)", "Summary|Guest Operating System|Guest OS IP Address", "Disk|Usage Rate (MBps)", "Memory|Usage (%)", "Memory|Contention (%)", "Memory|Current Size (GB)", "Configuration|Hardware|Disk Space (GB)", "Max Network I/O|Usage Rate", "Network I/O|Usage Rate (MBps)", "Memory|Swapped (GB)", "Summary|Guest Operating System|Tools Running Status", "Summary|Guest Operating System|Tools Version Status", "Summary|Guest Operating System|Guest OS Full Name", "Summary|Runtime|Power State", "Summary|Parent Cluster", "Disk Space Reclaimable|Snapshot Space|Reclaimable Capacity", "Summary|Datastore(s)", "Summary|Parent Host"]
}
grok {
match => ["path", "%{MONTHNUM:month}-%{MONTHDAY:day}-%{YEAR:year}\ .*"]
add_field => ["datetime", "%{month}/%{day}/%{year}"]
}
mutate {
remove_field => ["month", "day", "year"]
}
date {
match => ["datetime", "MM/dd/yy"]
target => "datetime"
}
mutate {convert => ["Configuration|Hardware|Number of virtual CPUs", "integer"] }
mutate {convert => ["Max CPU|Usage (%)", "float"] }
mutate {convert => ["CPU|Usage (%)", "float"] }
mutate {convert => ["CPU|CPU Contention (%)", "float"] }
mutate {convert => ["Configuration|Hardware|Disk Space (GB)", "float"] }
mutate {convert => ["Disk|Usage Rate (MBps)", "float"] }
mutate {convert => ["Memory|Usage (%)", "float"] }
mutate {convert => ["Memory|Contention (%)", "float"] }
mutate {convert => ["Memory|Swapped (GB)", "float"] }
mutate {convert => ["Network I/O|Usage Rate (MBps)", "integer"] }
}
uuid {
target => "uuid"
overwrite => true
}
}
output {
if [type] == "w" {
elasticsearch {
hosts => ["10.5.112.121:9200", "10.5.112.122:9200"]
index => "vmware"
document_type => "vmwaree"
document_id => "%{uuid}"
}
stdout {codec => rubydebug}
}
}