input { tcp { port => 5555 codec => json } } filter { grok { match => { "message" => "\[%{WORD:tenant}\]" } } grok { patterns_dir => ["/etc/logstash/patterns"] match => {"message" => "userId\s*=\s*(%{USER:user})"} tag_on_failure => [] } translate { field => "X-Operation-Name" destination => "category" dictionary => { "ProductResource.getAllProductsWithDescriptionAndTechnicalId" => "product" "ProductResource.importAll" => "product" "ProductResource.getAutoCompletOpt" => "product" "ProductResource.createProductsPair" => "product" "ProductResource.getProduct" => "product" "ProductResource.assignProduct" => "product" "ProductResource.deleteProduct" => "product" "ProductResource.getAllProducts" => "product" "ProductResource.getEsProducts" => "product" "ProductResource.countProducts" => "product" "ProductResource.createProduct" => "product" "ProductResource.unassignProduct" => "product" "ProductResource.updateProductsPair" => "product" "ProductResource.updateProduct" => "product" "SimCardResource.searchSimCardsInEs" => "sim" "SimCardResource.getDataLimit" => "sim" "SimCardResource.getDataLimitBalance" => "sim" "SimCardResource.countSimCards" => "sim" "SimCardResource.getAllSimCards" => "sim" "SimCardResource.getSimCard" => "sim" "SimCardResource.getUsage" => "sim" "SimCardResource.getSimCardStatistics" => "sim" "SimCardResource.simCardPing" => "sim" "SimCardResource.getSimNetworkStatusGroupedByCountry" => "sim" "SimCardResource.importSimCardByCSV" => "sim" "SimCardResource.getLiveUsage" => "sim" "SimCardResource.provisionSimCard" => "sim" "SimCardResource.updateSimCards" => "sim" "SimCardResource.getAllSimCardsByProdInstaParam" => "sim" "SimCardResource.syncDbWithEs" => "sim" "SimCardResource.setDataLimit" => "sim" "SimCardResource.updateSimAfterNetworkEvent" => "sim" "SimCardResource.getTotalUsage" => "sim" "SimCardResource.validateSimCSV" => "sim" "SimCardResource.simCardLocationReset" => "sim" "SimCardResource.exportCSV" => "sim" "SimCardResource.getSimCardForNotifications" => "sim" "SimCardResource.provisionSimCardByCSV" => "sim" "SimCardResource.updateSimCard" => "sim" "SimCardResource.getAutoCompletOpt" => "sim" "SimCardResource.createSimCard" => "sim" "SimCardResource.getSimsForProvision" => "sim" "TechnicalProductResource.updateTechnicalProduct" => "technical_product" "TechnicalProductResource.createTechnicalProduct" => "technical_product" "TechnicalProductResource.deleteTechnicalProduct" => "technical_product" "TechnicalProductResource.getAllTechnicalProducts" => "technical_product" "TechnicalProductResource.getTechnicalProduct" => "technical_product" "OrderResource.getOrders" => "order" "OrderResource.update" => "order" "OrderResource.simCardAction" => "order" "OrderResource.moveToSimCardBillingAccount" => "order" "OrderResource.getFailedItemsForOrders" => "order" "OrderResource.fillOrderWithSimCards" => "order" "OrderResource.createSimOrder" => "order" "OrderResource.getBatchFileForOrders" => "order" "OrderResource.changeStatus" => "order" "OrderResource.getOrder" => "order" "OrderResource.batchOperation" => "order" "OrderResource.getOrderStatus" => "order" "OrderResource.getBatchOrders" => "order" "OrderResource.changeSimCardPlan" => "order" "CustomerProfileResource.updateCustomFields" => "customer" "CustomerProfileResource.createBillingAccount" => "customer" "CustomerProfileResource.updateUser" => "customer" "CustomerProfileResource.getCustomers" => "customer" "CustomerProfileResource.deleteFile" => "customer" "CustomerProfileResource.getUsers" => "customer" "CustomerProfileResource.saveContract" => "customer" "CustomerProfileResource.endTrialPeriod" => "customer" "CustomerProfileResource.uploadFileForAccount" => "customer" "CustomerProfileResource.sendOnboardingDetails" => "customer" "CustomerProfileResource.extendTrialPeriod" => "customer" "CustomerProfileResource.assignUploadedFiles" => "customer" "CustomerProfileResource.uploadFile" => "customer" "CustomerProfileResource.getCurrentContactAddress" => "customer" "CustomerProfileResource.getBatchFileForOrders" => "customer" "CustomerProfileResource.updateBillingAccount" => "customer" "CustomerProfileResource.deleteBillingAccount" => "customer" "CustomerProfileResource.getCustomFields" => "customer" "CustomerProfileResource.createUser" => "customer" "CustomerProfileResource.getBillingAccounts" => "customer" "CustomerProfileResource.updateAssignedPlansProducts" => "customer" "CustomerProfileResource.deleteUser" => "customer" "CustomerProfileResource.getDocuments" => "customer" "CustomerProfileResource.acceptContract" => "customer" "CustomerProfileResource.updateContactAddress" => "customer" "CustomerProfileResource.getContract" => "customer" "CustomerProfileResource.getAssignedPlansProducts" => "customer" "CustomerProfileResource.processAccount" => "customer" "CustomerProfileResource.getContactAddress" => "customer" "CustomerProfileResource.rejectContract" => "customer" } fallback => "unknown" } dissect { mapping => { "message" => "%{?drop} payload=%{payload_json}, %{?drop}" } } #json { # source => "payload_json" # target => "payload_object" # } } output { elasticsearch { hosts => ["http://10.12.174.15:9200","http://10.12.174.16:9200","http://10.12.174.17:9200"] user => "logstash_internal" password => "vK54tBEFUZaKBVtwsmlHksbr07Rm8cTn" index => "audit-logs-7" } # file { path => "/home/ubuntu/auditlogs-test-logstash"} }