From 6e793231d86e3e9acf7d438597f1fb905557621a Mon Sep 17 00:00:00 2001
From: Jan David Mol <mol@astron.nl>
Date: Fri, 15 Oct 2021 12:51:54 +0200
Subject: [PATCH] L2SS-445: Forward logs from tango-rest and archiver-maria-db
and hdbpp to ELK
---
.../logstash/conf.d/22-parse-tango-rest.conf | 14 +++++++++++
.../conf.d/23-parse-archiver-maria-db.conf | 23 +++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100644 docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
create mode 100644 docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
diff --git a/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf b/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
new file mode 100644
index 000000000..5df0cd92b
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/22-parse-tango-rest.conf
@@ -0,0 +1,14 @@
+filter {
+ if [program] == "tango-rest" {
+ grok {
+ match => {
+ "message" => "%{TIMESTAMP_ISO8601:timestamp} %{WORD:level} %{GREEDYDATA:message}"
+ }
+ "overwrite" => [ "timestamp", "level", "message" ]
+ }
+ date {
+ match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS" ]
+ timezone => "UTC"
+ }
+ }
+}
diff --git a/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf b/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
new file mode 100644
index 000000000..4be7853e6
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/23-parse-archiver-maria-db.conf
@@ -0,0 +1,23 @@
+filter {
+ if [program] == "archiver-maria-db" {
+ grok {
+ match => {
+ "message" => [
+ "%{TIMESTAMP_ISO8601:timestamp} .%{WORD:level}. %{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:timestamp} 0 .%{WORD:level}. %{GREEDYDATA:message}"
+ ]
+ }
+ "overwrite" => [ "timestamp", "level", "message" ]
+ }
+ mutate {
+ gsub => [
+ "level", "Note", "Info"
+ ]
+ uppercase => [ "level" ]
+ }
+ date {
+ match => [ "timestamp", "YYYY-MM-dd HH:mm:ssZZ", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd H:mm:ss" ]
+ timezone => "UTC"
+ }
+ }
+}
--
GitLab