44 lines
918 B
JSON
44 lines
918 B
JSON
{
|
|
"description": "Pipeline for parsing ProxySQL audit logs",
|
|
"processors": [
|
|
{
|
|
"dissect": {
|
|
"field": "client_addr",
|
|
"pattern": "%{client_ip}:%{_client_port}"
|
|
}
|
|
},
|
|
{
|
|
"rename": {
|
|
"field": "schemaname",
|
|
"target_field": "schema"
|
|
}
|
|
},
|
|
{
|
|
"script": {
|
|
"lang": "painless",
|
|
"source": "if (ctx.duration != null && ctx.duration.endsWith('ms')) { ctx.duration_ms = Double.parseDouble(ctx.duration.replace('ms', '')); }"
|
|
}
|
|
},
|
|
{
|
|
"date": {
|
|
"field": "timestamp",
|
|
"target_field": "@timestamp",
|
|
"formats": ["UNIX_MS"]
|
|
}
|
|
},
|
|
{
|
|
"remove": {
|
|
"field": [
|
|
"client_addr",
|
|
"_client_port",
|
|
"proxy_addr",
|
|
"duration",
|
|
"time",
|
|
"timestamp",
|
|
"ssl"
|
|
],
|
|
"ignore_missing": true
|
|
}
|
|
}
|
|
]
|
|
} |