li-filebeat-events-to-prod-env
Pipeline: li-filebeat-events-to-prod-env
| @rn:read-stream
name = "logs1" &
group = "group-prod-env-filebeat"
--> @dm:add-missing-columns
columns="rda_gw_client_ip,message" &
value="None"
--> @dm:enrich-using-rule-dict
dict = "petclinic-env-dict" &
rule_column = "rule" &
enrich_columns = "env"
--> @rn:write-stats-to-stream
name = "log-intel-stats" &
groupby = "env" &
type = "filebeat-events" &
mode = "input"
--> *dm:filter
message does not contain 'DEBUG'
and
message does not contain 'INFO'
--> @dm:skip-block-if-shape
row_count=0
--> @rn:write-stats-to-stream
name = "log-intel-stats" &
groupby = "env" &
type = "filebeat-events" &
mode = "output"
--> @splunkv2:add-to-index
index='prod_petclinic_imp_logs' &
create = 'True'
|
Extensions used in this Pipeline
Artifacts used in this Pipeline
Artifact Type |
Artifact Name |
Access |
rda-network-stream |
logs1 |
read |
dataset |
petclinic-env-dict |
read |
rda-network-stream |
log-intel-stats |
write |
Bots used in this Pipeline
@rn:read-stream @dm:add-missing-columns @dm:enrich-using-rule-dict @rn:write-stats-to-stream *dm:filter @dm:skip-block-if-shape @splunkv2:add-to-index