input {
	redis {
		host => "redis-1.localnet.local"
		port => 6379
		data_type => "list"
		key => "log-ubuntu-sys"
		codec => "json"
	}
}

filter {
	grok {
		match => [
			"message", "%{TIMESTAMP_ISO8601:timestamp} \[(?<sys_type>diskstat)\] %{INT:disk_major:int}%{SPACE}%{INT:disk_minor:int}%{SPACE}%{DATA:disk_dev}%{SPACE}%{INT:disk_read_count:int}%{SPACE}%{INT}%{SPACE}%{INT}%{SPACE}%{INT}%{SPACE}%{INT:disk_write_count:int}",
			"message", "%{TIMESTAMP_ISO8601:timestamp} \[(?<sys_type>loadavg)\] %{NUMBER:sys_load_1:float} %{NUMBER} %{NUMBER} %{INT:running_process:int}/%{INT:total_process:int}",
			"message", "%{TIMESTAMP_ISO8601:timestamp} \[(?<sys_type>df)\] %{DATA:dev_path}\s+%{INT:disk_total:int}\s+%{INT:disk_used:int}\s+%{INT:disk_avail:int}",
			"message", "%{TIMESTAMP_ISO8601:timestamp} \[(?<sys_type>netdev)\] %{DATA:dev_name}:\s+%{INT:rx_byte:int}\s+%{INT:rx_pkt:int}\s+%{INT}\s+%{INT}\s+%{INT}\s+%{INT}\s+%{INT}\s+%{INT}\s+%{INT:tx_byte:int}\s+%{INT:tx_pkt:int}",
			"message", "%{TIMESTAMP_ISO8601:timestamp} \[(?<sys_type>meminfo)\]"
		]
		tag_on_failure => [ "exception" ]
	}

	date {
		match => [ "timestamp", "ISO8601" ]
		locale => "en"
	}

	if [sys_type] == "meminfo" {
		grok { match => [ "message", "\bMemTotal:\s+%{INT:mem_total:int} kB" ] }
		grok { match => [ "message", "\bMemFree:\s+%{INT:mem_free:int} kB" ] }
		grok { match => [ "message", "\bBuffers:\s+%{INT:mem_buffers:int} kB" ] }
		grok { match => [ "message", "\bCached:\s+%{INT:mem_cached:int} kB" ] }
		grok { match => [ "message", "\bSwapCached:\s+%{INT:mem_swap_cached:int} kB" ] }
		grok { match => [ "message", "\bSwapTotal:\s+%{INT:mem_swap_total:int} kB" ] }
		grok { match => [ "message", "\bSwapFree:\s+%{INT:mem_swap_free:int} kB" ] }

		ruby {
			code => "
				['mem_total', 'mem_free', 'mem_buffers', 'mem_cached', 'mem_swap_cached', 'mem_swap_total', 'mem_swap_free'].each do |k|
					event[k] = event[k] << 10 if event[k]
				end
			"
		}
	}

	ruby {
		code => "
			['host'].each do |k|
				event[k + '_facet'] = event[k] if event[k]
			end
		"
	}
}

output {
#	stdout {
#		codec => rubydebug
#	}

	elasticsearch {
		host => "eslogstash.localnet.local"
		port => 9300
		cluster => "eslogstash"
		index => "ubuntu-sys-v1"
		index_type => "%{sys_type}"
	}
}