double-p/json haproxy + logstash Secret

## json haproxy + logstash
log-format {"timestamp":"%t","src_ip":"%ci","hostname":"%H","status":%ST,"term_state":"%ts","traffic.sent":%B,"traffic.upload":%U,"active_conns":%ac,"timers.upstream_connect":%Tc,"timers.client_connect":%Tq,"timers.upstream_response":%Tr,"timers.session":%Tt,"timers.queue_wait":%Tw,"backend.name":"%b","backend.conn":%bc,"backend.queue":%bq,"frontend.name":"%f","frontend.conns":%fc,"frontend.transport":"%ft","http.vhost":"%[capture.req.hdr(0)]","http.cf-conn-ip":"%[capture.req.hdr(1)]","http.cf-ray":"%[capture.req.hdr(2)]","http.hdr_rsp":"%hsl","http_request":%{+Q}r,"server.name":"%s","server.conns":%sc,"server.queue":%sq,"ssl.version":"%sslv","ssl.cipher":"%sslc","unique":"%ID"}

 if [type] == "haproxy" {
    grok {
      # strip syslog headers, input method "syslog" is too "strict" for the long lines passed from haproxy
        match => [ 'message', '<%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGPROG}: %{GREEDYDATA:logline}' ]
    }
    date {
        match => [ 'timestamp', 'dd/MMM/YYYY:HH:mm:ss:SSS' ]
    }
    json {
        source => 'logline'
    }
    grok {
        match => [ 'http_request', '%{NOTSPACE:http.method} %{NOTSPACE:http_pathquery} %{NOTSPACE:http.protocol}']
    }
    grok {
        match => [ 'http_pathquery', '%{URIPATH:http.path}(%{URIPARAM:http.query})?']
    }
    if [src_ip] {
         geoip {
             source => "src_ip"
             target => "geoip"
             #database => "/usr/share/GeoIP/GeoIP.dat"
             add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
             add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
         }
         mutate {
             convert => [ "[geoip][coordinates]", "float" ]
         }
    }
    mutate { gsub => [ 'ssl.version', '-', 'none' ] }
    mutate { 'remove_field' => [ 'logline', 'pid', 'message', 'http_request', 'http_pathquery' ] }
 }
	log-format {"timestamp":"%t","src_ip":"%ci","hostname":"%H","status":%ST,"term_state":"%ts","traffic.sent":%B,"traffic.upload":%U,"active_conns":%ac,"timers.upstream_connect":%Tc,"timers.client_connect":%Tq,"timers.upstream_response":%Tr,"timers.session":%Tt,"timers.queue_wait":%Tw,"backend.name":"%b","backend.conn":%bc,"backend.queue":%bq,"frontend.name":"%f","frontend.conns":%fc,"frontend.transport":"%ft","http.vhost":"%[capture.req.hdr(0)]","http.cf-conn-ip":"%[capture.req.hdr(1)]","http.cf-ray":"%[capture.req.hdr(2)]","http.hdr_rsp":"%hsl","http_request":%{+Q}r,"server.name":"%s","server.conns":%sc,"server.queue":%sq,"ssl.version":"%sslv","ssl.cipher":"%sslc","unique":"%ID"}

	if [type] == "haproxy" {
	grok {
	# strip syslog headers, input method "syslog" is too "strict" for the long lines passed from haproxy
	match => [ 'message', '<%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGPROG}: %{GREEDYDATA:logline}' ]
	}
	date {
	match => [ 'timestamp', 'dd/MMM/YYYY:HH:mm:ss:SSS' ]
	}
	json {
	source => 'logline'
	}
	grok {
	match => [ 'http_request', '%{NOTSPACE:http.method} %{NOTSPACE:http_pathquery} %{NOTSPACE:http.protocol}']
	}
	grok {
	match => [ 'http_pathquery', '%{URIPATH:http.path}(%{URIPARAM:http.query})?']
	}
	if [src_ip] {
	geoip {
	source => "src_ip"
	target => "geoip"
	#database => "/usr/share/GeoIP/GeoIP.dat"
	add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
	add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
	}
	mutate {
	convert => [ "[geoip][coordinates]", "float" ]
	}
	}
	mutate { gsub => [ 'ssl.version', '-', 'none' ] }
	mutate { 'remove_field' => [ 'logline', 'pid', 'message', 'http_request', 'http_pathquery' ] }
	}