From 6ab91d1ab053306a0d3c31d12a03c2095185a459 Mon Sep 17 00:00:00 2001
From: stedif <stefano.difrischia@inaf.it>
Date: Wed, 2 Mar 2022 11:58:27 +0100
Subject: [PATCH] Revert "L2SS-541: delete mariadb entry from elk"

This reverts commit 43f469ef19d96eca342b7e0c8e58d3b397cd4e3e.
---
 .../logstash/conf.d/23-parse-maria-db.conf    | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 docker-compose/elk/logstash/conf.d/23-parse-maria-db.conf

diff --git a/docker-compose/elk/logstash/conf.d/23-parse-maria-db.conf b/docker-compose/elk/logstash/conf.d/23-parse-maria-db.conf
new file mode 100644
index 000000000..0a23fddd0
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/23-parse-maria-db.conf
@@ -0,0 +1,32 @@
+filter {
+  # mark all our mariadb instances
+  grok {
+    match => {
+      "program" => [ "archiver-maria-db", "tangodb" ]
+    }
+    add_tag => [ "mariadb" ]
+  }
+
+  # parse mariadb output
+  if "mariadb" in [tags] {
+    grok {
+      match => {
+        "message" => [
+          "%{TIMESTAMP_ISO8601:timestamp} .%{WORD:level}. %{GREEDYDATA:message}",
+          "%{TIMESTAMP_ISO8601:timestamp} 0 .%{WORD:level}. %{GREEDYDATA:message}"
+        ]
+      }
+      "overwrite" => [ "timestamp", "level", "message" ]
+    }
+    mutate {
+      gsub => [
+        "level", "Note", "Info"
+      ]
+      uppercase => [ "level" ]
+    }
+    date {
+      match => [ "timestamp", "YYYY-MM-dd HH:mm:ssZZ", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd  H:mm:ss"  ]
+      timezone => "UTC"
+    }
+  }
+}
-- 
GitLab