-
Notifications
You must be signed in to change notification settings - Fork 9
/
ncedc-earthquakes-logstash.conf
40 lines (40 loc) · 1.11 KB
/
ncedc-earthquakes-logstash.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
input {
stdin {}
}
filter {
csv {
columns => ["timestamp","latitude","longitude","depth","mag","magType","nst","gap","dmin","rms","source","event_id"]
convert => {"latitude" => "float"}
convert => {"longitude" => "float"}
convert => {"depth" => "float"}
convert => {"mag" => "float"}
convert => {"dmin" => "float"}
convert => {"rms" => "float"}
convert => {"gap" => "float"}
convert => {"nst" => "integer"}
convert => {"event_id" => "integer"}
}
mutate {
add_field => ["location", "%{latitude}, %{longitude}"]
add_field => ["type", "${EVENT:earthquake}"]
remove_field => ["latitude", "longitude"]
}
date {
match => ["timestamp", "yyyy/MM/dd HH:mm:ss.SS", "ISO8601"]
remove_field => ["timestamp"]
timezone => "GMT"
}
}
output {
# stdout { codec => rubydebug { metadata => true } }
stdout { codec => dots }
elasticsearch {
# hosts => [""]
# user => "elastic"
# password => "changeme"
index => "ncedc-earthquakes"
template => "ncedc-earthquakes-template.json"
template_name => "ncedc-earthquakes"
template_overwrite => true
}
}