securityonion/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja

{%- from 'logstash/map.jinja' import LOGSTASH_MERGED %}
{%- if grains.role in ['so-heavynode', 'so-receiver'] %}
  {%- set HOST = GLOBALS.hostname %}
{%- else %}
  {%- set HOST = GLOBALS.manager %}
{%- endif %}
{%- set REDIS_PASS = salt['pillar.get']('redis:config:requirepass') %}
{% if LOGSTASH_MERGED.get('latency_metrics', False) %}
filter {
  ruby {
    code => "event.set('[_tmp][logstash_to_redis]', Time.now().utc.iso8601(3));"
  }
}
{% endif %}
output {
	redis {
		host => '{{ HOST }}'
		port => 6379
		data_type => 'list'
		key => 'logstash:unparsed'
		congestion_interval => 1
		congestion_threshold => 50000000
		batch => true
		batch_events => {{ BATCH }}
		password => '{{ REDIS_PASS }}'
	}
}