transforms.yaml
No OneTemporary
Actions

Authored By

Unknown

Size

2 KB

Referenced Files

None

Subscribers

None

transforms.yaml
View Options

	transforms:
	apps:
	type: route
	inputs:
	- input
	reroute_unmatched: true
	route:
	roundcube: contains!(.pod_name, "roundcube")
	proxy: contains!(.pod_name, "proxy")
	kolab: contains!(.pod_name, "kolab")
	postfix: contains!(.pod_name, "postfix")
	imap: contains!(.pod_name, "imap")
	parse_kolab:
	type: remap
	inputs:
	- apps.kolab
	source: \|
	if is_empty(.log) {
	abort
	}
	structured = parse_logfmt(.log) ?? {}
	. = merge(., structured)
	.timestamp = parse_timestamp(.timestamp, "%Y/%m/%d %H:%M:%S %z") ?? now()
	parse_roundcube:
	type: remap
	inputs:
	- apps.roundcube
	source: \|
	structured = parse_regex(.log, pattern: r'^(?<host>[^ ]+) (?<l>[^ ]+) (?<u>[^ ]+) \[(?<time>[^\]]+)\] (?<duration>[^ ]+) "(?<request>[^"]+)" (?<status>[^ ]+) .*$') ?? parse_logfmt(.log) ?? {}
	. = merge(., structured)
	.timestamp = parse_timestamp(.timestamp, "%Y/%m/%d %H:%M:%S %z") ?? now()
	parse_imap:
	type: remap
	inputs:
	- apps.imap
	source: \|
	# Drop noisy saslauthd debug messages
	if contains(string!(.log), "accept lock") {
	abort
	}
	structured = parse_regex(.log, pattern: r'^(?<time>[^ ]+ [0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) (?<host>[^ ]+) (?<facility>[^ ]+) (?<program>.)\[(?<pid>[0-9]+)\]( )?: (?<log>.*)$') ?? {}
	. = merge(., structured)
	.timestamp = parse_timestamp(.timestamp, "%Y/%m/%d %H:%M:%S %z") ?? now()
	parse_proxy:
	type: remap
	inputs:
	- apps.proxy
	source: \|
	structured = parse_regex(.log, pattern: r'^(?<remote>[^ ]) (?<host>[^ ]) (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^\"]?)(?: +\S)?)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")') ?? {}
	. = merge(., structured)
	.timestamp = parse_timestamp(.timestamp, "%Y/%m/%d %H:%M:%S %z") ?? now()
	parse_postfix:
	type: remap
	inputs:
	- apps.postfix
	source: \|
	if .container_name == "metricsexporter" {
	abort
	}
	# Drop noisy saslauthd debug messages
	if contains(string!(.log), "accept lock") {
	abort
	}
	structured = parse_regex(.log, pattern: r'^(?<time>[^ ]+ [0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) (?<host>[^ ]+) (?<process>[^:]+): (?<log>((?<key>[^ :]+)[ :])? ?((to\|from)=<(?<address>[^>]+)>)?.*)$') ?? {}
	. = merge(., structured)
	.timestamp = parse_timestamp(.timestamp, "%Y/%m/%d %H:%M:%S %z") ?? now()
	parse_unmatched:
	type: remap
	inputs:
	- apps._unmatched
	source: \|
	.timestamp = parse_timestamp(.timestamp, "%Y/%m/%d %H:%M:%S %z") ?? now()

File Metadata

Mime Type: text/plain
Expires: Sat, Apr 4, 9:02 AM (2 w, 6 d ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18823383
Default Alt Text: transforms.yaml (2 KB)

transforms.yamlNo OneTemporaryActions

transforms.yamlView Options

File Metadata

Event Timeline

transforms.yaml
No OneTemporary
Actions

transforms.yaml
View Options