L2SS-445: Forward logs from tango-rest and archiver-maria-db and hdbpp to ELK

6e793231 · Jan David Mol · cb2e5d38 · 6e793231 · 6e793231
Commit 6e793231 authored 3 years ago by Jan David Mol
--- a/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
+++ b/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
+filter {
+  if [program] == "tango-rest" {
+    grok {
+      match => {
+        "message" => "%{TIMESTAMP_ISO8601:timestamp} %{WORD:level} %{GREEDYDATA:message}"
+      }
+      "overwrite" => [ "timestamp", "level", "message" ]
+    }
+    date {
+      match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
+      timezone => "UTC"
+    }
+  }
+}
--- a/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
+++ b/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
+filter {
+  if [program] == "archiver-maria-db" {
+    grok {
+      match => {
+        "message" => [
+          "%{TIMESTAMP_ISO8601:timestamp} .%{WORD:level}. %{GREEDYDATA:message}",
+          "%{TIMESTAMP_ISO8601:timestamp} 0 .%{WORD:level}. %{GREEDYDATA:message}"
+        ]
+      }
+      "overwrite" => [ "timestamp", "level", "message" ]
+    }
+    mutate {
+      gsub => [
+        "level", "Note", "Info"
+      ]
+      uppercase => [ "level" ]
+    }
+    date {
+      match => [ "timestamp", "YYYY-MM-dd HH:mm:ssZZ", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd  H:mm:ss"  ]
+      timezone => "UTC"
+    }
+  }
+}