jrha/htcondor-history.conf

## htcondor-history.conf
input {
    file {
        path => "/var/lib/condor/spool/history"
        sincedb_path => "/opt/logstash/sincedb"
        start_position => "beginning"
    }
}

filter {
    multiline {
        pattern => "^\*\*\* .*$"
        negate => true
        what => "next"
    }
    kv {
        field_split => "\n"
        trim => " \\\""
        trimkey => " "
        remove_field => "message"
    }
    grok {
        match => ["***Offset", "%{NUMBER:Offset}ClusterId=%{NUMBER:ClusterId}ProcId=%{NUMBER:ProcId}Owner=%{DATA:Owner}CompletionDate=%{NUMBER:CompletionDate}"]
        remove_field => "***Offset"
    }
    kv {
        source => "Env"
        target => "Env"
        field_split => ";"
        remove_field => "EnvDelim"
    }
    date {
        match => ["EnteredCurrentStatus", "UNIX"]
        target => "EnteredCurrentStatus_"
    }
    date {
        match => ["QDate", "UNIX"]
        target => "QDate_"
    }
    date {
        match => ["JobStartDate", "UNIX"]
        target => "JobStartDate_"
    }
    date {
        match => ["JobCurrentStartDate", "UNIX"]
        target => "JobCurrentStartDate_"
    }
    date {
        match => ["JobCurrentStartExecutingDate", "UNIX"]
        target => "JobCurrentStartExecutingDate_"
    }
    date {
        match => ["JobFinishedHookDone", "UNIX"]
        target => "JobFinishedHookDone_"
    }
    date {
        match => ["LastJobLeaseRenewal", "UNIX"]
        target => "LastJobLeaseRenewal_"
    }
    date {
        match => ["LastMatchTime", "UNIX"]
        target => "LastMatchTime_"
    }
    date {
        match => ["CompletionDate", "UNIX"]
        # Use this as the event timestamp
    }
}

output {
# Uncommment for debugging!
#    stdout {
#        codec => "rubydebug"
#    }
    elasticsearch {
        host => "esnode01.example.com"
        cluster => "mycluster"
        index => "condor-history-%{+YYYY.MM.dd}"
        node_name => "thisnode.example.com"
    }
}
	input {
	file {
	path => "/var/lib/condor/spool/history"
	sincedb_path => "/opt/logstash/sincedb"
	start_position => "beginning"
	}
	}

	filter {
	multiline {
	pattern => "^\\\* .*$"
	negate => true
	what => "next"
	}
	kv {
	field_split => "\n"
	trim => " \\\""
	trimkey => " "
	remove_field => "message"
	}
	grok {
	match => ["***Offset", "%{NUMBER:Offset}ClusterId=%{NUMBER:ClusterId}ProcId=%{NUMBER:ProcId}Owner=%{DATA:Owner}CompletionDate=%{NUMBER:CompletionDate}"]
	remove_field => "***Offset"
	}
	kv {
	source => "Env"
	target => "Env"
	field_split => ";"
	remove_field => "EnvDelim"
	}
	date {
	match => ["EnteredCurrentStatus", "UNIX"]
	target => "EnteredCurrentStatus_"
	}
	date {
	match => ["QDate", "UNIX"]
	target => "QDate_"
	}
	date {
	match => ["JobStartDate", "UNIX"]
	target => "JobStartDate_"
	}
	date {
	match => ["JobCurrentStartDate", "UNIX"]
	target => "JobCurrentStartDate_"
	}
	date {
	match => ["JobCurrentStartExecutingDate", "UNIX"]
	target => "JobCurrentStartExecutingDate_"
	}
	date {
	match => ["JobFinishedHookDone", "UNIX"]
	target => "JobFinishedHookDone_"
	}
	date {
	match => ["LastJobLeaseRenewal", "UNIX"]
	target => "LastJobLeaseRenewal_"
	}
	date {
	match => ["LastMatchTime", "UNIX"]
	target => "LastMatchTime_"
	}
	date {
	match => ["CompletionDate", "UNIX"]
	# Use this as the event timestamp
	}
	}

	output {
	# Uncommment for debugging!
	# stdout {
	# codec => "rubydebug"
	# }
	elasticsearch {
	host => "esnode01.example.com"
	cluster => "mycluster"
	index => "condor-history-%{+YYYY.MM.dd}"
	node_name => "thisnode.example.com"
	}
	}