li-udp-syslog-events-to-prod-env
Pipeline: li-udp-syslog-events-to-prod-env
| ## read data from stream
@rn:read-stream
name = "syslog-udp-stream-01" &
group = "group-prod-env-syslog-udp-data"
--> @dm:add-missing-columns
columns="rda_gw_client_ip,syslog_severity" &
value="None"
--> @dm:enrich-using-rule-dict
dict = "petclinic-env-dict" &
rule_column = "rule" &
enrich_columns = "env"
--> @dm:eval
syslog_severity = "syslog_severity.upper()"
--> @rn:write-stats-to-stream
name = "log-intel-stats" &
groupby = "env,syslog_severity" &
type = "syslog-udp" &
mode = "input"
--> *dm:filter
syslog_severity is not 'DEBUG'
and
syslog_severity is not 'INFORMATIONAL'
--> @dm:skip-block-if-shape
row_count=0
--> @rn:write-stats-to-stream
name = "log-intel-stats" &
groupby = "env,syslog_severity" &
type = "syslog-udp" &
mode = "output"
--> @splunkv2:add-to-index
index='prod_petclinic_imp_logs' & create = 'True'
|
Extensions used in this Pipeline
Artifacts used in this Pipeline
| Artifact Type |
Artifact Name |
Access |
| rda-network-stream |
syslog-udp-stream-01 |
read |
| dataset |
petclinic-env-dict |
read |
| rda-network-stream |
log-intel-stats |
write |
Bots used in this Pipeline
@rn:read-stream @dm:add-missing-columns @dm:enrich-using-rule-dict @dm:eval @rn:write-stats-to-stream *dm:filter @dm:skip-block-if-shape @splunkv2:add-to-index