Skip to content

Instantly share code, notes, and snippets.

@d34dh0r53

d34dh0r53/logstash-fixup.patch

Created August 8, 2016 21:36
Show Gist options
  • Save d34dh0r53/11e381b4774e24e68ef255e10295be98 to your computer and use it in GitHub Desktop.
Save d34dh0r53/11e381b4774e24e68ef255e10295be98 to your computer and use it in GitHub Desktop.
Download ZIP
logstash-fixup
Raw
logstash-fixup.patch
diff --git a/openstack-ansible b/openstack-ansible
index 5c8dd5b..d1e3e7f 160000
--- a/openstack-ansible
+++ b/openstack-ansible
@@ -1 +1 @@
-Subproject commit 5c8dd5bd8d7898ec7ce977d80c3699c8aa03233a
+Subproject commit d1e3e7f803ef6768abbe8734375eefb128fc7756-dirty
diff --git a/rpcd/playbooks/roles/elasticsearch/defaults/main.yml b/rpcd/playbooks/roles/elasticsearch/defaults/main.yml
index 97184b0..2ee6da6 100644
--- a/rpcd/playbooks/roles/elasticsearch/defaults/main.yml
+++ b/rpcd/playbooks/roles/elasticsearch/defaults/main.yml
@@ -26,8 +26,8 @@ elasticsearch_apt_packages:
- openjdk-7-jre-headless
elasticsearch_pip_packages:
- - elasticsearch>=2.0.0,<3.0.0
- - elasticsearch-curator==4.0.4
+# - elasticsearch>=2.0.0,<3.0.0
+# - elasticsearch-curator==4.0.4
# This sets the cluster name
elasticsearch_cluster: openstack
diff --git a/rpcd/playbooks/roles/filebeat/defaults/main.yml b/rpcd/playbooks/roles/filebeat/defaults/main.yml
index 5c78747..36da7a0 100644
--- a/rpcd/playbooks/roles/filebeat/defaults/main.yml
+++ b/rpcd/playbooks/roles/filebeat/defaults/main.yml
@@ -50,6 +50,7 @@ filebeat_logstash_hosts: "{% for host in groups['logstash_all'] %}{{ hostvars[ho
#
# Date Time PID Level Python Module Id
multiline_openstack_pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
+multiline_keystone_error_pattern: '^[0-9-]{10} +[0-9:\.]+ [0-9-]{10} +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
filebeat_logging_paths:
- paths:
@@ -109,13 +110,23 @@ filebeat_logging_paths:
match: after
- paths:
- '/var/log/keystone/ssl_access.log'
- - '/var/log/keystone/keystone-apache-error.log'
tags:
- openstack
- apache
- apache-access
- keystone
- paths:
+ - '/var/log/keystone/keystone-apache-error.log'
+ tags:
+ - openstack
+ - apache
+ - apache-error
+ - keystone
+ multiline:
+ pattern: "{{ multiline_keystone_error_pattern }}"
+ negate: 'true'
+ match: after
+ - paths:
- '/var/log/neutron/*.log'
document_type: openstack
tags:
@@ -191,7 +202,6 @@ filebeat_logging_paths:
- '/var/log/libvirt/*/*.log'
tags:
- libvirt
- - nova
- paths:
- '/var/log/lxc/*.log'
tags:
diff --git a/rpcd/playbooks/roles/logstash/tasks/logstash_post_install.yml b/rpcd/playbooks/roles/logstash/tasks/logstash_post_install.yml
index 4b28e30..1babcde 100644
--- a/rpcd/playbooks/roles/logstash/tasks/logstash_post_install.yml
+++ b/rpcd/playbooks/roles/logstash/tasks/logstash_post_install.yml
@@ -73,6 +73,7 @@
- 17-rabbitmq.conf
- 18-ceph.conf
- 19-nginx.conf
+ - 98-traceback.conf
- 99-output.conf
notify: Restart Logstash
tags:
diff --git a/rpcd/playbooks/roles/logstash/templates/04-neutron.conf b/rpcd/playbooks/roles/logstash/templates/04-neutron.conf
index 8df15e4..13acfdf 100644
--- a/rpcd/playbooks/roles/logstash/templates/04-neutron.conf
+++ b/rpcd/playbooks/roles/logstash/templates/04-neutron.conf
@@ -6,10 +6,23 @@ filter {
gsub => ['logmessage',"\"",""]
}
grok {
- match => { "logmessage" => "\[(req\-%{NOTSPACE:requestid} |\-)\] %{NOTSPACE:requesterip} \- \- \[%{NOTSPACE:req_date} %{NOTSPACE:req_time}\] %{NOTSPACE:verb} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} %{NUMBER:response} %{NUMBER:bytes:int} %{BASE10NUM:httptime:float}" }
+ match => { "logmessage" => "\[(%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant} \- \- \-|\-)\] %{NOTSPACE:requesterip} \- \- \[%{NOTSPACE:req_date} %{NOTSPACE:req_time}\] %{NOTSPACE:verb} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} %{NUMBER:response} %{NUMBER:bytes:int} %{BASE10NUM:httptime:float}" }
add_tag => ["apimetrics"]
}
}
+ } else if "neutron-ha-tool" in [source] {
+ mutate {
+ add_tag => ["neutron-ha-tool"]
+ remove_tag => ["_grokparsefailure"]
+ }
+ }
+ if "starting" in [message] and "_grokparsefailure" in [tags] {
+ grok {
+ match => { "logmessage" => "\[(%{NOTSPACE:requestid}|\-)\](%{SPACE}\(%{NUMBER:pid}\)) %{GREEDYDATA:servicemessage}" }
+ }
+ mutate {
+ remove_tag => ["_grokparsefailure"]
+ }
}
}
}
diff --git a/rpcd/playbooks/roles/logstash/templates/06-cinder.conf b/rpcd/playbooks/roles/logstash/templates/06-cinder.conf
index eba02a2..09c62fe 100644
--- a/rpcd/playbooks/roles/logstash/templates/06-cinder.conf
+++ b/rpcd/playbooks/roles/logstash/templates/06-cinder.conf
@@ -1,6 +1,6 @@
filter {
if "cinder" in [tags] {
- if [module] == "eventlet.wsgi.server" {
+ if [module] == "cinder.eventlet.wsgi.server" {
if "accepted" not in [logmessage] {
mutate {
gsub => ['logmessage',"\"",""]
diff --git a/rpcd/playbooks/roles/logstash/templates/09-heat.conf b/rpcd/playbooks/roles/logstash/templates/09-heat.conf
index 48971ae..8c22e39 100644
--- a/rpcd/playbooks/roles/logstash/templates/09-heat.conf
+++ b/rpcd/playbooks/roles/logstash/templates/09-heat.conf
@@ -6,13 +6,18 @@ filter {
gsub => ['logmessage',"\"",""]
}
grok {
- match => { "logmessage" => "\[(%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant} \- \- \-|\-)\] %{NOTSPACE:requesterip} \- \- \[%{NOTSPACE:req_date} %{NOTSPACE:req_time}\] %{NOTSPACE:verb} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} %{NUMBER:response} %{NUMBER:bytes:int} %{BASE10NUM:httptime:float}" }
+ match => { "logmessage" => "\[%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE}\] %{NOTSPACE:requesterip} %{NOTSPACE} %{NOTSPACE} \[%{NOTSPACE:req_date} %{NOTSPACE:req_time}\] %{NOTSPACE:verb} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} %{NUMBER:response} %{NUMBER:bytes} %{BASE10NUM:httptime}" }
add_tag => ["apimetrics"]
}
}
mutate {
replace => { "module" => "heat.%{module}" }
}
+ } else if [module] == "heat.engine.service" {
+ grok {
+ match => { "logmessage" => "\[%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{GREEDYDATA:servicemessage}" }
+ add_tag => ["apimetrics"]
+ }
}
}
}
diff --git a/rpcd/playbooks/roles/logstash/templates/14-keystone.conf b/rpcd/playbooks/roles/logstash/templates/14-keystone.conf
index fad34a0..d3113e1 100644
--- a/rpcd/playbooks/roles/logstash/templates/14-keystone.conf
+++ b/rpcd/playbooks/roles/logstash/templates/14-keystone.conf
@@ -11,7 +11,8 @@ filter {
}
} else if "apache-error" in [tags] {
grok {
- match => { "message" => "\[%{APACHE_ERROR_TIMESTAMP:timestamp}\] \[%{DATA:module}:%{DATA:loglevel}\] \[pid %{POSINT:apache_pid}\:tid %{POSINT:apache_tid}\] ?(?:\[client %{IP:clientip}:%{POSINT:clientport}\] )?%{GREEDYDATA:logmessage}" }
+ patterns_dir => ["/opt/logstash/patterns"]
+ match => { "message" => "%{KEYSTONE_SUBSECOND_TIMESTAMP:keystone_subsecond_timestamp} %{STANDARD_TIMESTAMP:standard_timestamp} %{NUMBER:pid} %{DATA:loglevel} %{DATA:module} \[%{DATA:requestid}\] %{WORD:verb} %{NOTSPACE:request}" }
}
mutate {
replace => { "module" => "keystone.error.%{module}" }
diff --git a/rpcd/playbooks/roles/logstash/templates/extras b/rpcd/playbooks/roles/logstash/templates/extras
index d78e033..5afcf24 100644
--- a/rpcd/playbooks/roles/logstash/templates/extras
+++ b/rpcd/playbooks/roles/logstash/templates/extras
@@ -4,3 +4,6 @@ NGINX_ERROR_TIMESTAMP %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}
SWIFTPROXY_DATE %{MONTHDAY}/%{MONTH}/%{YEAR}/%{HOUR}/%{MINUTE}/%{SECOND}
SWIFTPROXY_ACCESS %{DATA:clientip} %{DATA:serverip} %{SWIFTPROXY_DATE:timestamp} %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{NUMBER:response} %{DATA:referrer} %{DATA:agent} %{DATA:swift_auth_token} %{DATA:swift_request_bytes} %{DATA:swift_response_bytes} %{DATA:swift_etag} %{DATA:swift_txn} %{DATA:swift_logged_headers} %{BASE10NUM:swift_trans_time}
+
+KEYSTONE_SUBSECOND_TIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}
+STANDARD_TIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment