Commit 1368fe74 authored by SedaQ's avatar SedaQ

add sandbox to the index.

parent b1814795
+6 −5
@@ -7,10 +7,11 @@ input {
filter {
    # retrieve elements from json to compose Elasticsearch index correctly
    mutate {
	    add_field => { "[@metadata][eseventtype]" => "%{type}" }
	    add_field => { "[@metadata][definitionID]" => "%{training_definition_id}"}
        add_field => { "[@metadata][instanceID]" => "%{training_instance_id}"}
        add_field => { "[@metadata][runID]" => "%{training_run_id}"}		
	    add_field => { "[@metadata][eseventtype]" => "%{[message][type]}" }
        add_field => { "[@metadata][definitionId]" => "%{[message][training_definition_id]}"}
        add_field => { "[@metadata][instanceId]" => "%{[message][training_instance_id]}"}
        add_field => { "[@metadata][runId]" => "%{[message][training_run_id]}"}
        add_field => { "[@metadata][sandboxId]" => "%{[message][sandbox_id]}"}
    }
	# index in Elasticsearch must be lowercase, so we need to lowercase it
    mutate {
@@ -23,7 +24,7 @@ filter {
output {
	elasticsearch {
		hosts => [ "elasticsearch:9200" ]
		index => "kypo.%{[@metadata][eseventtype]}_evt.definition=%{[@metadata][definitionID]}.instance=%{[@metadata][instanceID]}.run=%{[@metadata][runID]}"    
		index => "kypo.%{[@metadata][eseventtype]}_evt.sandbox=%{[@metadata][sandboxId]}.definition=%{[@metadata][definitionId]}.instance=%{[@metadata][instanceId]}.run=%{[@metadata][runId]}"
		codec => json
	}
}
 No newline at end of file
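Review bot: Nothing in the visible hunks checks that `[message][sandbox_id]` (or the other three ids) exists before the new `add_field` lines copy it into `[@metadata]` and the `index` setting interpolates it. Logstash leaves an unresolved `%{...}` reference as literal text, so an event without a sandbox id would be written to an index name containing that literal and most likely rejected by Elasticsearch, silently losing the event. A guard such as `if ![message][sandbox_id] { mutate { add_tag => ["missing_sandbox_id"] } }`, with tagged events routed to a fixed fallback index, keeps them visible. The lowercase `mutate` that follows is cut off by the hunk, so confirm it references the renamed keys (`definitionId`, `instanceId`, `runId`) and the new `sandboxId`. Because the index name is built entirely from event-supplied values, it is also worth confirming that only trusted producers can reach this pipeline, since each distinct id creates a new index.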

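--- /dev/null
+++ b/insert-td.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+ELASTICSEARCH_API_ROOT="http://localhost:9200/"
+LOGSTASH_API_ROOT_TD="http://localhost:9604"
+
+## POST data to Elastic search
+# KYPO portal events
+if [ ! -z "$1" ]
+then
+	cd "$1"
+	for FILE in training_definition-id*.json
+	do
+	  TD_FILE_CONTENT=`cat $FILE`
+	  curl -X POST -d "$TD_FILE_CONTENT" "${LOGSTASH_API_ROOT_TD}" -H 'Content-Type: application/json'
+	done
+else
+    echo "KYPO PORTAL EVENTS DIRECTORY WAS NOT PROVIDED."
+fi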
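Review bot: The `cd "$1"` line has no failure check, so when the directory is missing or unreadable the loop runs in whatever directory the script was started from, and an unmatched glob hands the literal `training_definition-id*.json` to `cat`. Use `cd "$1" || exit 1` and start the loop body with `[ -f "$FILE" ] || continue`. `cat $FILE` is unquoted, and `curl -d "$TD_FILE_CONTENT"` interprets a payload that begins with `@` as a file name. `curl --fail -X POST --data-binary "@${FILE}" "${LOGSTASH_API_ROOT_TD}" -H 'Content-Type: application/json'` sends the file unchanged and makes HTTP errors show up in the exit status. `ELASTICSEARCH_API_ROOT` is assigned but never used, and the `else` branch reports the missing argument on stdout while still exiting 0, so a caller cannot detect the failure.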
+4 −0
@@ -11,6 +11,10 @@
		"timestamp_ms": {
          "type": "date",
          "format": "epoch_millis"
        },
		"timestamp_str": {
          "type": "date",
          "format": "epoch_millis"
        },
        "start_time": {
          "type": "date",
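Review bot: The added `timestamp_str` mapping reuses `"type": "date"` with `"format": "epoch_millis"`, identical to `timestamp_ms` just above it. If the field carries a formatted date string, as its name suggests, Elasticsearch will fail to parse the value and reject the whole document, so those events never reach the index. Confirm what the producers actually put in this field. If it is ISO 8601 text, declare it with `"format": "strict_date_optional_time"`. The surrounding mapping object starts and ends outside the hunk.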