logstash-input-algolialogs.conf

input {
  algolialogs {
    application_id => "YOUR_APPID"
    api_key => "YOUR_APIKEY"
    length => 1000
    interval => 60
  }
}

filter {

	# add geoip informations
	geoip {
		source => "ip"
	}

	# transform params to be searchable
	ruby {
		code => "require 'cgi'
		if (event['query_params'])
			event['query_params'] = CGI::parse(event['query_params'])
		end"
	}

	# parse headers and keep just necessary
	ruby {
		code => "require 'net/http'
		event['headers'] = {}
        event['query_headers'].each_line { |line| 
          params = line.split(': ')
          if (params[0] == 'User-Agent' || params[0] == 'Referer' || params[0] == 'Origin')
          	event['headers'][params[0].downcase] = params[1]
          end
        }"
	}

	# translate user agent
	useragent {
    	source => "[headers][user-agent]"
    	target => "[headers][useragent]"
	}

	# remove unusual fields and convert some string to integer
	mutate {
		remove_field => [ "answer", "url", "ip", "[headers][user-agent]", "query_body", "query_headers"]
		convert => { "nb_api_calls" => "integer" }
		convert => { "processing_time_ms" => "integer" }
		convert => { "query_nb_hits" => "integer" }
	}
}

output {
  stdout {
    codec => rubydebug
  }
}