update logstash filters for alb_access logs

Hopefully this gets rid of the cruft that the cloudfoundry pipelines
add.

config/logit/filters.d/10_base.conf

@@ -1,5 +1,7 @@
-mutate {
-  add_field => [ "type", "syslog" ]
+if [type] != 'alb_access' {
+    mutate {
+        add_field => [ "type", "syslog" ]
+    }
 }
 
 #

config/logit/filters.d/99_clean_alb_access.conf

@@ -0,0 +1,14 @@
+#
+# Fix up the datapoints for the alb_access log type
+#
+if [@input] == "alb_access" {
+    ## remove extraneous fields
+    mutate {
+        remove_field => [ '[@shipper][name]', '[@source][component]', '[@source][type]' ]
+    }
+
+    ## set @type
+    mutate {
+        replace => { "@type" => "alb_access" }
+    }
+}

config/logit/output/generated_logit_filters.conf

@@ -1,6 +1,8 @@
 filter {
-  mutate {
-    add_field => [ "type", "syslog" ]
+  if [type] != 'alb_access' {
+      mutate {
+          add_field => [ "type", "syslog" ]
+      }
   }
 
   #
@@ -1329,4 +1331,18 @@ filter {
     match => [ "[vxlan_policy_agent][timestamp]", "dd/MMMM/yyyy:HH:mm:ss Z", "dd/MMM/yyyy:HH:mm:ss Z", "ISO8601", "UNIX" ]
     target => "@timestamp"
   }
+  #
+  # Fix up the datapoints for the alb_access log type
+  #
+  if [@input] == "alb_access" {
+      ## remove extraneous fields
+      mutate {
+          remove_field => [ '[@shipper][name]', '[@source][component]', '[@source][type]' ]
+      }
+
+      ## set @type
+      mutate {
+          replace => { "@type" => "alb_access" }
+      }
+  }
 }

scripts/generate_logit_filters.sh

@@ -25,6 +25,7 @@ echo "filter {" > /output/generated_logit_filters.conf
     sed 's/^/  /' < /mnt/config/logit/filters.d/20_custom_cf_filters.conf
     sed 's/^/  /' < /mnt/config/logit/filters.d/21_paas_billing_filters.conf
     sed 's/^/  /' < /mnt/config/logit/filters.d/30_various_timestamps.conf
+    sed 's/^/  /' < /mnt/config/logit/filters.d/99_clean_alb_access.conf
     echo "}"
 } >> /output/generated_logit_filters.conf