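---
# ConfigMap 1/2: the Logstash pipeline (logstash.conf).
# Every ${NAME} reference is filled in by Logstash from the container
# environment. The workload manifest that sets those variables is not part of
# this file; the Elasticsearch user and password should be injected from a
# Kubernetes Secret rather than written as literal env values (confirm there).
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config
  namespace: elastic-system
data:
  logstash.conf: |-
    # Kafka consumer for the application and ingress topics.
    # NOTE(review): security_protocol is not set, so the plugin default
    # (PLAINTEXT) applies: no TLS and no broker authentication. Confirm the
    # brokers are reachable only over a trusted network, or configure it.
    input {
      kafka {
        bootstrap_servers => ["${BOOTSTRAP_SERVERS}"]
        client_id => "logstash-${K8S_CLUSTER}"
        group_id => "logstash-${K8S_CLUSTER}"
        auto_offset_reset => "latest"
        consumer_threads => 3
        decorate_events => false
        topics => [
          "wfm-java", "xspay-java", "jhpay-java", "mpos-java", "sxzs-java",
          "dgjs-java", "epos-java", "wfbs-java", "csps-java", "uen-java",
          "ingress-nginx"
        ]
        codec => "json"
      }
    }

    # Plain TCP listeners on every interface, without TLS or client
    # authentication: any peer that can reach these ports can submit events.
    # Restrict them with a NetworkPolicy and/or enable the plugin's TLS options.
    input {
      tcp {
        host => "0.0.0.0"
        port => "4590"
        mode => "server"
        codec => json_lines
      }
    }

    input {
      tcp {
        host => "0.0.0.0"
        port => "4560"
        mode => "server"
        codec => json_lines
      }
    }

    # Beats listener; no TLS is configured here either, so the same network
    # restriction applies.
    input {
      beats {
        port => "4584"
      }
    }

    filter {
      if [fields][items] in ["wfm-java","xspay-java","jhpay-java","mpos-java","sxzs-java","dgjs-java","epos-java","wfbs-java","csps-java","uen-java"] {
        grok {
          # The leading group is a named capture. Its name had been lost
          # ("(?%{...})" is not a valid group); it is restored as "systemtime"
          # because the date filter below parses exactly that field.
          match => {
            "message" => "(?<systemtime>%{TIMESTAMP_ISO8601})\s*\[%{DATA:thread_name}:%{DATA:traceId}\]\s*%{LOGLEVEL:level}\s*%{DATA:logger_name}\[%{DATA:stack_trace}\] - %{GREEDYDATA:message}"
          }
          overwrite => ["message"]
        }
        # Use the timestamp written by the application as the event time.
        date {
          match => ["systemtime","ISO8601"]
        }
      } else if [fields][items] == "ingress-nginx" {
        # Ingress access logs arrive as a JSON string in "message".
        json {
          source => "message"
          remove_field => ["message"]
        }
      }
    }

    output {
      # NOTE(review): rubydebug prints every event in full to the container
      # log, so all application log content is duplicated there and becomes
      # readable by anyone with access to pod logs. Keep it for debugging only.
      stdout {
        codec => rubydebug
      }
      # NOTE(review): the index name is built from [fields][items], which the
      # sender supplies. Events from the tcp/beats inputs that lack the field
      # produce an index named with the unresolved reference, and any sender
      # can choose its target index. Consider guarding this output with the
      # same allow-list used in the filter section.
      elasticsearch {
        hosts => ["${ELASTICSEARCH_ENDPOINT}"]
        user => "${ELASTICSEARCH_USER}"
        password => "${ELASTICSEARCH_PASSWORD}"
        index => "%{[fields][items]}-${K8S_CLUSTER}-%{+YYYY.MM.dd}"
      }
    }
---
# ConfigMap 2/2: Logstash node settings (logstash.yml).
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-yml
  namespace: elastic-system
  labels:
    type: logstash
data:
  logstash.yml: |-
    # Binds the Logstash HTTP API to all interfaces. Nothing in this file
    # enables authentication for it, so limit access with a NetworkPolicy or
    # bind to a narrower address. Newer releases name this setting
    # api.http.host; check the deployed version.
    http.host: "0.0.0.0"
    # Opening quote restored: the value previously ended in a stray double
    # quote, which became part of the monitoring URL.
    # The endpoint should be an https URL so the credentials below are not
    # sent in clear text (value is set outside this file; confirm).
    xpack.monitoring.elasticsearch.hosts: "${ELASTICSEARCH_ENDPOINT}"
    xpack.monitoring.enabled: true
    xpack.monitoring.elasticsearch.username: "${ELASTICSEARCH_USER}"
    xpack.monitoring.elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"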