summaryrefslogtreecommitdiffstats
path: root/kubernetes/log/charts/log-logstash
diff options
context:
space:
mode:
authorBorislav Glozman <Borislav.Glozman@amdocs.com>2018-04-15 06:25:39 +0000
committerGerrit Code Review <gerrit@onap.org>2018-04-15 06:25:39 +0000
commit2f7a32987d8380a4e24b6c3ad73302cced90dfa2 (patch)
treecc8ceafca9823d8f43f48b9792a07cee378e57c9 /kubernetes/log/charts/log-logstash
parent0bd0a21e48483cc7b2712d03d9723321bb58dac2 (diff)
parentc9c35035bf87f154382d6d097d03936bc76c10db (diff)
Merge "oom component logs missing in Elasticsearch"
Diffstat (limited to 'kubernetes/log/charts/log-logstash')
-rw-r--r--kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf60
1 files changed, 33 insertions, 27 deletions
diff --git a/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf b/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf
index 3b4fd768c3..e46d2bac14 100644
--- a/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf
+++ b/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf
@@ -37,8 +37,20 @@ input {
filter {
+ grok {
+ break_on_match => false
+ match => {
+ "source" => ["/var/log/onap/(?<componentName>[^/]+)/",
+ "/var/log/onap/%{GREEDYDATA:componentLogFile}"
+ ]
+ }
+ }
+
# Filter for log4j xml events
if "</log4j:event>" in [message] {
+
+ #mutate { add_field => { "orgmsg_log4j" => "%{message}" } } # Copy of orginal msg for debug
+
#Filter to parse xml event and retrieve data
xml {
source => "message"
@@ -118,7 +130,7 @@ filter {
# Filter for logback events
else {
-# mutate { add_field => { "orgmsg" => "%{message}" } } # Copy of orginal msg for debug
+ #mutate { add_field => { "orgmsg" => "%{message}" } } # Copy of orginal msg for debug
mutate {
gsub => [
@@ -128,50 +140,44 @@ filter {
'message', '\t$', '\t'
]
}
+ # The grok below parses the message field for all current logback patterns used by oom components.
+ # Example logback pattern: %d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}|%X{RequestId}|%msg
+ # Example grok pattern: %{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}
+ # Use the following command to find all logback patterns in oom directory: find oom -name "logback*xml" -exec grep "property.*attern.*value" {} \;|sort|uniq
grok {
- break_on_match => false
match => {
- "message" => ["%{TIMESTAMP_ISO8601:Timestamp}\t%{GREEDYDATA:Thread}\t%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}\t%{JAVACLASS:Logger}\t(?:[^\t]+\t)*%{GREEDYDATA:message}",
- "(?<MDCs>.*\t)"
- ]
- "source" => ["/var/log/onap/(?<componentName>[^/]+)/",
- "/var/log/onap/%{GREEDYDATA:componentLogFile}"
- ]
+ "message" => [
+ "%{TIMESTAMP_ISO8601:Timestamp}\\t[%{GREEDYDATA:Thread}]\\t%{GREEDYDATA:loglevel}\\t%{JAVACLASS:Logger}\\t%{GREEDYDATA:MDCs}\\t%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:TargetVirtualEntity}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Timer}\|\[%{GREEDYDATA:caller}\]\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:ErrorCode}\|%{GREEDYDATA:ErrorDesc}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ClassName}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}",
+ "\[%{TIMESTAMP_ISO8601:Timestamp}\|%{LOGLEVEL:loglevel}\|%{GREEDYDATA:Logger}\|%{GREEDYDATA:Thread}\] %{GREEDYDATA:message}"
+ ]
}
overwrite => ["message"]
}
+ # The MDCs are key value pairs that are seperated by "," or "\t". Extra space characters are trimmed from the keys and values.
kv {
source => "MDCs"
- field_split => "\t"
+ field_split => ",\t"
trim_key => "\s"
trim_value => "\s"
remove_field => [ "MDCs" ]
}
+ if (![Timestamp] and [EndTimestamp]) {
+ mutate { add_field => { "Timestamp" => "%{EndTimestamp}" } }
+ }
date {
match => [ "Timestamp", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS" ]
target => "Timestamp"
}
- if [source] == "/var/log/onap/aai/aai-ml/metrics.log" {
- csv {
- source => "message"
- separator => "|"
- quote_char => "`"
- columns => ["Begin TS", "End TS", "DuplicateRequestID", "Unknown1", "threadID", "phys/virt server name", "service name", "Partner Name", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Unknown6", "Unknown7", "Log level", "Unknown8", "Unknown9", "Status code", "Server", "Unknown10", "Unknown11", "Unknown12", "Unknown13", "Unknown14", "Unknown15", "Unknown16", "Unknown17", "Unknown18", "message"]
- }
- }
- else if [source] == "/var/log/onap/aai/aai-ml/audit.log" {
- csv {
- source => "message"
- separator => "|"
- quote_char => "`"
- columns => ["Begin TS", "End TS", "DuplicateRequestID", "Unknown1", "threadID", "phys/virt server name", "service name", "Partner Name", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Log level", "Unknown6", "Unknown7", "Status code", "Server", "Unknown10", "Unknown11", "Unknown12", "Unknown13", "Unknown14", "Unknown15", "Unknown16", "Unknown17", "message"]
- }
- }
-
mutate {
- remove_field => ["DuplicateRequestID", "Unknown1", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Unknown6", "Unknown7", "Unknown8", "Unknown9", "Unknown10", "Unknown11", "Unknown12", "Unknown13", "Unknown14", "Unknown15", "Unknown16", "Unknown17", "Unknown18"]
+ remove_field => ["DuplicateRequestID", "Unknown1", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Unknown6", "Unknown7", "Unknown8"]
}
if ([source] == "/var/log/onap/sdc/sdc-be/audit.log") {