Bonjour la communauté Elastic,
Je voudrais savoir s’il est possible d’assembler un document à partir de plusieurs Input ?
Dans ma configuration je fais plusieurs fois appel à la base de données GLPI mais chaque input créer un document. Voici mon fichier de configuration.
input {
jdbc {
jdbc_driver_library => "/usr/share/java/mysql-connector-java-8.0.15.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://mon.serveur.glpi:3306/glpi?useSSL=true&verifyServerCertificate=false&requireSSL=true"
jdbc_user => "user"
jdbc_password_filepath => "/my/path/to/.password"
jdbc_validate_connection => "true"
tracking_column_type => "timestamp"
tracking_column => "date_mod"
tags => ["glpi-tag-names-serials"]
schedule => "* * * * *"
statement => "SELECT glpi_computers.name as computer_name_g01,
glpi_computertypes.name as computertype_name_g01,
otherserial AS asset_tag_g01,
serial as serial_g01,
glpi_computers.date_mod as date_mod_g01
FROM glpi_computers
LEFT JOIN glpi_computertypes
ON glpi_computers.computertypes_id = glpi_computertypes.id
WHERE glpi_computers.date_mod > :sql_last_value
ORDER by glpi_computers.date_mod ASC"
clean_run => "true"
last_run_metadata_path => "/usr/share/logstash/.logstash_jdbc_last_run_glpi"
}
jdbc {
jdbc_driver_library => "/usr/share/java/mysql-connector-java-8.0.15.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://mon.serveur.glpi:3306/glpi?useSSL=true&verifyServerCertificate=false&requireSSL=true"
jdbc_user => "user"
jdbc_password_filepath => "/my/path/to/.password"
jdbc_validate_connection => "true"
schedule => "* * * * *"
tracking_column_type => "timestamp"
tracking_column => "date_mod"
tags => ["glpi-names-ip-mod"]
statement => "SELECT c.name as computer_name_g02, ip.name as ip_name_g02, np.mac as netwport_mac_g02, c.date_mod as date_mod_g02
FROM glpi_computers as c,
glpi_networkports as np,
glpi_networknames as nn,
glpi_ipaddresses as ip
WHERE np.itemtype = 'Computer'
AND np.items_id = c.id
AND nn.itemtype='NetworkPort'
AND nn.items_id = np.id
AND ip.itemtype='NetworkName'
AND ip.items_id = nn.id
AND c.date_mod > :sql_last_value
ORDER BY c.date_mod ASC"
clean_run => "true"
last_run_metadata_path => "/usr/share/logstash/.logstash_jdbc_last_run_glpi"
}
jdbc {
jdbc_driver_library => "/usr/share/java/mysql-connector-java-8.0.15.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://mon.autre.base/autreoutil?useSSL=true&verifyServerCertificate=false&requireSSL=true"
jdbc_user => "user"
jdbc_password_filepath => "/my/path/to/.password"
jdbc_validate_connection => "true"
tracking_column_type => "timestamp"
tracking_column => "date_modification"
schedule => "* * * * *"
tags => ["qrg-qrid-serials-projects-loc"]
statement => "SELECT a.qrid as asset_tag_q01,
a.numSerie as numserie_q01,
p.nom as projectname_q01,
l.nom as secteur_q01,
a.date_modification as date_mod_q01
FROM Asset as a, Projet as p, Localisation as l
WHERE p.id = a.Projet
AND a.localisation = l.id
AND a.date_modification > :sql_last_value
ORDER BY a.date_modification ASC;"
clean_run => "true"
last_run_metadata_path => "/usr/share/logstash/.logstash_jdbc_last_run_eInv"
}
}
output {
if "glpi-tag-names-serials" in [tags] or "glpi-names-ip-mod" in [tags] or "qrg-qrid-serials-projects-loc" in [tags] {
elasticsearch {
hosts => ["127.0.0.1:9000"]
index => "master-index-%{+yyyy.MM.dd}"
}
}
}
Alors je me demande si il est possible de passer chacune des valeurs dans des variables et de les comparer puis les insérer dans le même document.
lorsqu'une valeur match par exemple si computer_name_g01 = computer_name_g02 alors tu m'assemble toute les cle/valeurs dans le même document de sortie don j'aurais fait la mise en forme.
Je sais que je ne suis pas très clair et j'en suis désolé ^^ Je suis nouveau dans ce domaine !