From cb2e5d38a2e7a12c294b135a2120c7736de0ccc1 Mon Sep 17 00:00:00 2001
From: Jan David Mol <mol@astron.nl>
Date: Fri, 15 Oct 2021 11:13:20 +0200
Subject: [PATCH] L2SS-445: Forward logs from grafana and prometheus to ELK

---
 .../elk/logstash/conf.d/20-parse-grafana.conf    | 16 ++++++++++++++++
 .../elk/logstash/conf.d/21-parse-prometheus.conf | 15 +++++++++++++++
 docker-compose/grafana.yml                       |  6 ++++++
 docker-compose/prometheus.yml                    |  6 ++++++
 4 files changed, 43 insertions(+)
 create mode 100644 docker-compose/elk/logstash/conf.d/20-parse-grafana.conf
 create mode 100644 docker-compose/elk/logstash/conf.d/21-parse-prometheus.conf

diff --git a/docker-compose/elk/logstash/conf.d/20-parse-grafana.conf b/docker-compose/elk/logstash/conf.d/20-parse-grafana.conf
new file mode 100644
index 000000000..37db44fda
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/20-parse-grafana.conf
@@ -0,0 +1,16 @@
+filter {
+  if [program] == "grafana" {
+    kv { }
+    mutate {
+      rename => {
+        "t" => "timestamp"
+        "lvl" => "level"
+        "msg" => "message"
+      }
+      uppercase => [ "level" ]
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+}
diff --git a/docker-compose/elk/logstash/conf.d/21-parse-prometheus.conf b/docker-compose/elk/logstash/conf.d/21-parse-prometheus.conf
new file mode 100644
index 000000000..b8323625f
--- /dev/null
+++ b/docker-compose/elk/logstash/conf.d/21-parse-prometheus.conf
@@ -0,0 +1,15 @@
+filter {
+  if [program] == "prometheus" {
+    kv { }
+    mutate {
+      rename => {
+        "ts" => "timestamp"
+        "msg" => "message"
+      }
+      uppercase => [ "level" ]
+    }
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+  }
+}
diff --git a/docker-compose/grafana.yml b/docker-compose/grafana.yml
index b9060c70a..eaddea1e2 100644
--- a/docker-compose/grafana.yml
+++ b/docker-compose/grafana.yml
@@ -23,4 +23,10 @@ services:
     #  - grafana-configs:/etc/grafana
     ports:
       - "3000:3000"
+    logging:
+      driver: syslog
+      options:
+        syslog-address: udp://${HOSTNAME}:1514
+        syslog-format: rfc3164
+        tag: "{{.Name}}"
     restart: unless-stopped
diff --git a/docker-compose/prometheus.yml b/docker-compose/prometheus.yml
index a0971c48f..abec3c84e 100644
--- a/docker-compose/prometheus.yml
+++ b/docker-compose/prometheus.yml
@@ -16,4 +16,10 @@ services:
       - control
     ports:
       - "9090:9090"
+    logging:
+      driver: syslog
+      options:
+        syslog-address: udp://${HOSTNAME}:1514
+        syslog-format: rfc3164
+        tag: "{{.Name}}"
     restart: unless-stopped
-- 
GitLab