Peter Titov iamhowardtheduck
iamhowardtheduck
/ Home-Assistant_Data_Ingestion_for_Elasticsearch
Last active
September 28, 2022 12:53
Home-Assistant_Data_Ingestion_for_Elasticsearch
View Home-Assistant_Data_Ingestion_for_Elasticsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Comprises of the following and to be installed in this order: | |
| # - Index template for field mapping | |
| # - DevTool command for index creation | |
| # - Ingest pipelines for conditional parsing (1 main and 16 conditional) | |
| # - Logstash pipeline to query Home-Assistant states via an API; use this link to obtain your authorization from your Home-Assistant instance: | |
| # -- https://developers.home-assistant.io/docs/api/rest/ -- | |
| # - A lot of blood, sweat, and tears (not really, this was fun!) ☺ | |
| ### INDEX TEMPLATE ### (updated: 20220928) |
iamhowardtheduck
/ plex-mediaserver-networkservicebrowser
Created
June 1, 2022 11:01
plex-mediaserver-networkservicebrowser-INW
View plex-mediaserver-networkservicebrowser
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/plex-mediaserver-networkservicebrowser | |
| { | |
| "processors": [ | |
| { | |
| "grok": { | |
| "field": "message", | |
| "patterns": [ | |
| "(?<event.name>SSDP departed) (?<event.reason>after not being seen for (?<plex.unseen_seconds>\\d+\\.\\d+) seconds)\\: %{IP:client.ip} \\(%{WORD:client.hostname}\\)", | |
| "(?<event.name>SSDP departed) (?<event.reason>after not being seen for (?<plex.unseen_seconds>\\d+\\.\\d+) seconds)\\: %{IP:client.ip} \\((?<client.hostname>[^\\s][^\\(]+) \\(%{IP}\\)\\)", | |
| "(?<event.name>SSDP arrived)\\: %{IP:client.ip} \\(%{WORD:client.hostname}\\)", |
View plex
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/plex | |
| { | |
| "processors": [ | |
| { | |
| "set": { | |
| "field": "event.module", | |
| "value": "plex", | |
| "ignore_failure": true | |
| } | |
| }, |
View weathermap.ndjson
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"attributes":{"color":"#06fff7","description":"Weather WMS Feeds: Base radar & warning by county","name":"weather"},"coreMigrationVersion":"7.13.2","id":"a3a75b00-d9c9-11eb-a8e7-7b5dbc36345d","references":[],"type":"tag","updated_at":"2021-06-30T17:36:02.237Z","version":"WzIyMDM0LDNd"} | |
| {"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"85f9ea6f-e4c6-449c-b9a8-c1af318e0afc\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":\"dark_map\",\"isAutoSelect\":false},\"id\":\"d2d55941-1943-4ab9-b19a-c5b80b1dcc89\",\"label\":\"Road map - Dark\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"WMS\",\"serviceUrl\":\"https://idpgis.ncep.noaa.gov/arcgis/services/NWS_Forecasts_Guidance_Warnings/watch_warn_adv/MapServer/WMS |
iamhowardtheduck
/ pfsense ingest pipeline
Last active
July 18, 2021 13:38
pfsense Elastic ECS Compliant Ingest Pipeline for filterlog & openvpn (INW)
View pfsense ingest pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/plex | |
| { | |
| "processors": [ | |
| { | |
| "set": { | |
| "field": "event.module", | |
| "value": "plex", | |
| "ignore_failure": true | |
| } | |
| }, |
iamhowardtheduck
/ fail2ban-ecs-pipeline
Last active
May 30, 2021 18:36
Fail2Ban ECS Ingest Pipeline
View fail2ban-ecs-pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/fail2ban-ecs | |
| { | |
| "processors": [ | |
| { | |
| "grok": { | |
| "field": "message", | |
| "patterns": [ | |
| "%{SYSLOGTIMESTAMP:timestamp} %{WORD:host.name} %{GREEDYDATA:message}" | |
| ], | |
| "ignore_missing": true, |
iamhowardtheduck
/ telemetry2.0-raw-data-pipeline
Created
October 9, 2020 13:12
View telemetry2.0-raw-data-pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/RDK-searchResults-Raw | |
| { | |
| "version": 1, | |
| "processors": [ | |
| { | |
| "kv": { | |
| "field": "Report", | |
| "field_split": ",\\{", | |
| "value_split": ":", | |
| "strip_brackets": true, |
View moloch-ecs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/moloch-ecs | |
| { | |
| "description": "Ingest Moloch indices in ECS format.", | |
| "processors": [ | |
| { | |
| "rename": { | |
| "field": "dstIp", | |
| "target_field": "destination.ip", | |
| "description": "DESTINATION IP", | |
| "ignore_missing": true, |
iamhowardtheduck
/ gist:c67b65c1652c6508aafcd1da08f0ce30
Created
September 6, 2020 21:59
Zoneminder zmc_m#.log ECS Compliant Ingest Node Pipeline Processor
View gist:c67b65c1652c6508aafcd1da08f0ce30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/zoneminder-c | |
| { | |
| "processors": [ | |
| { | |
| "dissect": { | |
| "field": "message", | |
| "pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: images:%{zoneminder.camera.images} - Capturing at %{zoneminder.camera.fps} fps, capturing bandwidth %{zoneminder.camera.bytes}bytes/sec]", | |
| "ignore_failure": true, | |
| "description": "zoneminder-c FPS & Bytes", | |
| "ignore_missing": true |
iamhowardtheduck
/ gist:72f6c5277d45a06d261863510cbc65f0
Created
September 6, 2020 21:59
Zoneminder zma_m#.log ECS Compliant Ingest Node Pipeline Processor
View gist:72f6c5277d45a06d261863510cbc65f0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _ingest/pipeline/zoneminder-a | |
| { | |
| "processors": [ | |
| { | |
| "dissect": { | |
| "field": "message", | |
| "pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{Images} - Opening new event %{zoneminder.alarm.id}, section start]", | |
| "ignore_failure": true, | |
| "description": "zoneminder-a New Alert Start", | |
| "ignore_missing": true |
NewerOlder