import_tsaclaims.conf
# Events are read line by line from standard input (one CSV record per line).
input {
  stdin { }
}
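filter {
  # Split each semicolon-separated line into named fields. The column order
  # must match the export file; every value arrives as a string.
  csv {
    columns => ["Claim Number", "Date Received", "Incident Date", "Airport Code", "Airport Name", "Airline Name",
                "Claim Type", "Claim Site", "Item Category", "CloseAmount", "Disposition"
    ]
    separator => ";"
  }

  # Disabled: attempt to match the airport code with geo coordinates from a
  # local lookup file.
  #geoEnrich {
  #  database => "lookup_data/airports.csv"
  #  source => "Airport Code"
  #  target => "AirportGeoPoint"
  #}

  # Parse the two date strings (pattern d-M-y) and write the resulting
  # timestamp back into the same field. Events whose value does not match the
  # pattern keep the original string and are tagged _dateparsefailure.
  date {
    match => ["Date Received", 'd-M-y']
    target => "Date Received"
    locale => "en"
  }
  date {
    match => ["Incident Date", 'd-M-y']
    target => "Incident Date"
    locale => "en"
  }

  # Closing amount is reported in cents; convert to dollars.
  # Divide as a float: integer division (to_i / 100) truncated the cents, so
  # 1234 became 12 instead of 12.34.
  # A missing or non-numeric value converts to 0.0, so a zero here does not
  # by itself mean that a claim was closed without payment.
  # NOTE(review): direct event['field'] access was removed in Logstash 5.0;
  # on 5.x and later this needs event.get('CloseAmount') / event.set(...).
  ruby {
    code => " event['CloseAmount'] = event['CloseAmount'].to_f / 100 "
  }
}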
output {
  # Index every event into the "tsaclaims" index.
  elasticsearch {
    index => "tsaclaims"

    # With hosts unset the plugin connects to Elasticsearch on localhost, and
    # with user/password unset it sends no credentials.
    # When pointing this at a remote or secured cluster, use an https:// host
    # and keep the password out of this file: reference an environment
    # variable or a Logstash keystore entry (e.g. "${ES_PWD}", a constructed
    # name) rather than a literal value that ends up in version control.
    #hosts => ""
    #user => ""
    #password => ""
  }

  # Debugging aid: uncomment to also print each event as JSON.
  #stdout { codec => json }
}