refs #2417 adds filebeat yaml

etc/filebeat/filebeat.yml

@@ -13,6 +13,7 @@ output.elasticsearch:
   username: "admin"
   password: "${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
   protocol: "https"
+  pipeline: "filebeat_opengnsys_pipeline"
   ssl.enabled: true
   ssl.verification_mode: full
   ssl.certificate: "/etc/filebeat/ogagent-fb.${SUBDOMAIN}.crt.pem"

etc/opensearch/pipelines.json

@@ -590,6 +590,55 @@
       }
     ]
   },
+  "filebeat_opengnsys_pipeline": {
+    "description": "Parsea logs JSON de opengnsys y extrae loggedin/loggedout con sus datos",
+    "processors": [
+      {
+        "json": {
+          "field": "message",
+          "target_field": "parsed_json",
+          "ignore_failure": true
+        }
+      },
+      {
+        "set": {
+          "field": "parsed_json.host",
+          "value": "{{host.hostname}}",
+          "ignore_empty_value": true
+        }
+      },
+      {
+        "set": {
+          "field": "parsed_json.agent",
+          "value": "{{agent.name}}",
+          "ignore_empty_value": true
+        }
+      },
+      {
+        "set": {
+          "field": "parsed_json.ip",
+          "value": "{{host.ip.0}}",
+          "ignore_empty_value": true
+        }
+      },
+      {
+        "grok": {
+          "field": "parsed_json.message",
+          "patterns": [
+            "Requesting using POST %{URIPROTO}://%{IPORHOST}:%{NUMBER}/opengnsys/rest/ogagent/%{WORD:parsed_json.ogagent_action}, data: %{GREEDYDATA:parsed_json.ogagent_data}"
+          ],
+          "ignore_failure": true
+        }
+      },
+      {
+        "json": {
+          "field": "parsed_json.ogagent_data",
+          "target_field": "parsed_json.ogagent_parsed",
+          "ignore_failure": true
+        }
+      }
+    ]
+  },
   "copy-message-pipeline" : {
     "description" : "Pipeline que copia el campo message a message_raw",
     "processors" : [