cvat/analytics/logstash/logstash.conf

input {
  tcp {
    port => 5000
    codec => json
  }
}

filter {
  if [logger_name] =~ /cvat.client/ {
    # 1. Decode the event from json in 'message' field
    # 2. Remove unnecessary field from it
    # 3. Type it as client
    json {
      source => "message"
    }

    date {
      match => ["timestamp", "UNIX", "UNIX_MS"]
      remove_field => "timestamp"
    }

    if [event] == "Send exception" {
      aggregate {
        task_id => "%{userid}_%{application}_%{message}_%{filename}_%{line}"
        code => "
          require 'time'

          map['userid'] ||= event.get('userid');
          map['application'] ||= event.get('application');
          map['message'] ||= event.get('message');
          map['filename'] ||= event.get('filename');
          map['line'] ||= event.get('line');
          map['task'] ||= event.get('task');

          map['error_count'] ||= 0;
          map['error_count'] += 1;

          map['aggregated_message'] ||= '';
          time = Time.strptime(event.get('timestamp').to_s,'%Q').localtime('+03:00')
          map['aggregated_message'] += time.to_s + '\n' +  event.get('stack') + '\n\n\n';"

        timeout => 3600
        timeout_tags => ['send_email_notification']
        push_map_as_event_on_timeout => true
      }
    }

    prune {
      blacklist_names => ["level", "host", "logger_name", "message", "path",
        "port", "stack_info"]
    }

    mutate {
      replace => { "type" => "client" }
    }
  } else if [logger_name] =~ /cvat.server/ {
    # 1. Remove unnecessary field from it
    # 2. Type it as server
    prune {
      blacklist_names => ["host", "port"]
    }

    mutate {
      replace => { "type" => "server" }
    }
  }
}

output {
  stdout {
    codec => rubydebug
  }

  if [type] == "client" {
    elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "cvat.client"
    }
  } else if [type] == "server" {
    elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "cvat.server"
    }
  }
}