You cannot do that using an http_poller input. You will have to use http filters. You can drive the schedule using a heartbeat input
heartbeat { interval => 60 }
If you can do a login for every audit_trail request then just use two http filters. If you need to use a single session for everything then you will need to use a single worker thread, and I think you will need to set pipeline.ordered to be true. Maybe something like
ruby {
code => '
if ! @@sessionId
event.set("[@metadata][needId]", true)
end
'
}
if ! [@metadata][needId] {
ruby { code => 'event.set([@metadata][id]", @@sessionId)' }
else
http {
# Make the call to api/v1/login
}
# Parse the session id from the response into [@metadata][id]
ruby { code => '@@sessionId = event.get("[@metadata][id]")' }
end
http {
# Make the call to audit_trail
}
Note the use of a variable with class scope (@@) so that multiple ruby filters can share it. [@metadata] is a field on the event that is ignored by most outputs, so it is useful for temporary variables.
If sessions expire then you will need to add code that sets @@sessionId back to nil just before that happens.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.