@wardbekker
Last active September 27, 2017 16:02
{
"parserClassName": "org.apache.metron.parsers.GrokParser",
"filterClassName": null,
"sensorTopic": "squid2",
"writerClassName": null,
"errorWriterClassName": null,
"invalidWriterClassName": null,
"readMetadata": false,
"mergeMetadata": false,
"numWorkers": null,
"numAckers": null,
"spoutParallelism": 1,
"spoutNumTasks": 1,
"parserParallelism": 1,
"parserNumTasks": 1,
"errorWriterParallelism": 1,
"errorWriterNumTasks": 1,
"spoutConfig": {},
"securityProtocol": null,
"stormConfig": {},
"parserConfig": {
"grokPath": "/patterns/squid",
"patternLabel": "SQUID_DELIMITED",
"timestampField": "timestamp"
},
"fieldTransformations": [
{
"input": [],
"output": [
"full_hostname",
"domain_without_subdomains",
"is_alert"
],
"transformation": "STELLAR",
"config": {
"full_hostname": "URL_TO_HOST(url)",
"domain_without_subdomains": "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)",
"is_alert": true
}
}
]
}