Changes between Initial Version and Version 1 of Logstash


Ignore:
Timestamp:
03/04/21 06:31:43 (4 years ago)
Author:
krit
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Logstash

    v1 v1  
     1= Logstash =
     2
     3Use following logstash.conf
     4{{{
     5[krit@mini bitnami-docker-logstash]$ more logstash_http_multi_1.conf
     6input {
     7  http {
     8    host => "0.0.0.0" # default: 0.0.0.0
     9    port => 31311 # default: 8080
     10  }
     11}
     12
     13filter {
     14  csv {
     15    separator => ","
     16    columns => ["ID", "Moisture", "Temperature", "latitude", "longitude"]
     17    convert => {
     18      "Moisture" => "float"
     19      "Temperature" => "float"
     20    }
     21  }
     22  mutate { convert => {"latitude" => "float"} }
     23  mutate { convert => {"longitude" => "float"} }
     24  mutate { add_field => { "geoLocation" => "%{latitude} ,%{longitude}" } }
     25 
     26  mutate { remove_field => ["host", "headers"] }
     27}
     28
     29output {
     30  elasticsearch {
     31    hosts => ["elasticsearch:9200"]
     32    index => "poi-2021-02-04"
     33  }
     34}
     35
     36}}}
     37
     38In kibana, to use map Geo Point we need to put following template to index poi-2021-02-04
     39{{{
     40PUT _template/geotemplate
     41{
     42  "index_patterns": ["poi-2021-02-04"],
     43  "settings": {},
     44  "mappings": { "properties": {"geoLocation": {"type": "geo_point"} } },
     45  "aliases": {}
     46}
     47}}}
     48
     49
     50Then test with following data
     51{{{
     52# AirPort
     53curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'arl,5.0,3.0,13.69,100.7501'
     54
     55# KMITL
     56curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'kml,8.0,1.0,13.7299,100.7782'
     57
     58# Cha-choeng-sao
     59curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'ccs,8.0,1.0,13.6904,101.0780'
     60
     61# Bang-Ka-Nak
     62curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'bkn,1.0,1.0,13.8528,101.1165'
     63
     64# Pra-Nom-Sara-Karm
     65curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'psk,1.0,1.0,13.744,101.3470'
     66
     67# Sa-mut-Pra-Karn
     68curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'spk,1.0,1.0,13.5991,100.5998'
     69
     70# Ra-Sa-ParkLen
     71curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'rpk,1.0,1.0,13.895399,100.641752'
     72}}}
     73
     74
     75If we can to use json, we need to use logstash.conf as followng
     76{{{
     77#!sh
     78[krit@mini bitnami-docker-logstash]$ cat logstash_http_josn_1.conf
     79input {
     80  http {
     81    host => "0.0.0.0" # default: 0.0.0.0
     82    port => 31311 # default: 8080
     83  }
     84}
     85
     86filter {
     87  json {
     88        source => "message"
     89  }
     90  if [ID] == "cc1" {
     91        drop {}
     92  }
     93}
     94
     95output {
     96  elasticsearch {
     97    hosts => ["elasticsearch:9200"]
     98    index => "mjson-2021-02-09"
     99  }
     100}
     101[krit@mini bitnami-docker-logstash]$
     102}}}
     103
     104We need to config kibana to know our template 
     105{{{
     106PUT _template/jsongeotemplate
     107{
     108  "index_patterns": ["mjson-2021-02-09"],
     109  "settings": {},
     110  "mappings": { "properties": {"geoLocation": {"type": "geo_point"} } },
     111  "aliases": {}
     112}
     113
     114}}}
     115
     116Then we can test with following
     117
     118{{{
     119curl -XPUT 'http://172.18.0.3:31311/twitter/tweet/1' -d 'rpk,1.0,1.0,13.895399,100.641752'
     120
     121# AirPort
     122curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "arl", "speed": 1.2, "Lumi": 1, "l
     123at": 13.69, "lon": 100.7501}'
     124
     125# Ra-Sa-ParkLen
     126curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "rpk", "speed": 1.9, "Lumi": 2, "l
     127at": 13.89534, "lon": 100.641752 }'
     128
     129# Sa-mut-Pra-Karn
     130curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "spk", "speed": 2.1, "Lumi": 3, "l
     131at": 13.5991, "lon": 100.5998 }'
     132
     133# Cha-choeng-sao
     134curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "ccs", "speed": 2.4, "Lumi": 1, "l
     135at": 13.6904, "lon": 101.0780}'
     136
     137# Bang-ka-nak
     138curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "bkn", "speed": 1.4, "Lumi": 1, "l
     139at": 13.8528, "lon": 101.1165}'
     140
     141# Pra-Nom-Sara-Karm
     142curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "psk", "speed": 1.4, "Lumi": 1, "l
     143at": 13.744, "lon": 101.3470}'
     144
     145# KMITL
     146curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "kml", "speed": 1.4, "Lumi": 1, "l
     147at": 13.7299, "lon": 100.7782}'
     148
     149}}}
     150
     151Pls note: if ID:cc1 logstash will drop this ID since in the logstash.conf, it will drop this ID
     152
     153
     154
     155To have more index with different ports, we need to use logstash.conf as following
     156
     157{{{
     158#!sh
     159
     160[krit@mini bitnami-docker-logstash]$ more logstash_http_josn_3.conf
     161input {
     162  http {
     163    type => "farm"
     164    host => "0.0.0.0" # default: 0.0.0.0
     165    port => 31311 # default: 8080
     166  }
     167}
     168
     169input {
     170  http {
     171    type => "ev"
     172    host => "0.0.0.0" # default: 0.0.0.0
     173    port => 8080 # default: 8080
     174  }
     175}
     176
     177filter {
     178
     179  if [type] == "farm" {
     180      json {
     181            source => "message"
     182      }
     183      mutate { add_field => { "geoLocation" => "%{[lat]} ,%{[lon]}" } }
     184      mutate { remove_field => ["host", "headers"] }
     185  }
     186  if [type] == "ev" {
     187      json {
     188            source => "message"
     189      }
     190      mutate { add_field => { "geoLocation" => "%{[lat]} ,%{[lon]}" } }
     191      mutate { remove_field => ["host", "headers"] }
     192  }
     193}
     194
     195output {
     196
     197   if [type] == "farm" {
     198      elasticsearch {
     199        hosts => ["elasticsearch:9200"]
     200        index => "mjson-2021-02-09"
     201      }
     202   }
     203   if [type] == "ev" {
     204      elasticsearch {
     205        hosts => ["elasticsearch:9200"]
     206        index => "ev-2021-02-09"
     207      }
     208   }
     209
     210}
     211[krit@mini bitnami-docker-logstash]$
     212
     213}}}
     214
     215The config Kibana to know GeoPoint in index ev-2021-02-09 as following
     216{{{
     217PUT _template/evgeotemplate
     218{
     219  "index_patterns": ["ev-2021-02-09"],
     220  "settings": {},
     221  "mappings": { "properties": {"geoLocation": {"type": "geo_point"} } },
     222  "aliases": {}
     223}
     224}}}
     225
     226Then test with port 8080 for index ev or 31311 for mjson
     227{{{
     228# AirPort
     229curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:31311/twitter/tweet/1' -d '{"ID": "arl", "speed": 1.2, "Lumi": 1, "l
     230at": 13.69, "lon": 100.7501}'
     231
     232# AirPort
     233curl -X POST -H "Content-Type: application/json" 'http://172.18.0.3:8080/twitter/tweet/1' -d '{"ID": "arl", "speed": 1.2, "Lumi": 1, "l
     234at": 13.69, "lon": 100.7501}'
     235
     236}}}