openstack/openstack-ansible-ops
Code Issues Proposed changes

Drop oslofmt tag from checks

Browse Source 
The filebeat does not ship anything tagged with oslofmt, the
openstack tag gives us all we need to parse things correctly.

Change-Id: I614e4bc5d85559540a9d616407da993ed90de87e
This commit is contained in:
Mohammed Naser 2018-09-23 16:48:11 -04:00
parent 48d7b08773
commit eb4e6731b5
1 changed files with 10 additions and 12 deletions

22
elk_metrics_6x/templates/logstash-pipelines.yml.j2

@ -173,19 +173,17 @@
} }
} }
} else if "openstack" in [tags] { } else if "openstack" in [tags] {
if "oslofmt" in [tags] { if "Can not find policy directory: policy.d" in [message] {
if "Can not find policy directory: policy.d" in [message] { drop { }
drop { } }
} grok {
grok { match => {
match => { "message" => [
"message" => [ "^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \[?\b%{NOTSPACE:module}\b\]?%{SPACE}?%{GREEDYDATA:logmessage}?",
"^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \[?\b%{NOTSPACE:module}\b\]?%{SPACE}?%{GREEDYDATA:logmessage}?", "^%{CISCOTIMESTAMP:journalddate}%{SPACE}%{SYSLOGHOST:host}%{SPACE}%{SYSLOGPROG:prog}%{SPACE}%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}%{SPACE}%{NOTSPACE:loglevel}%{SPACE}%{NOTSPACE:module}%{SPACE}%{GREEDYDATA:logmessage}"
"^%{CISCOTIMESTAMP:journalddate}%{SPACE}%{SYSLOGHOST:host}%{SPACE}%{SYSLOGPROG:prog}%{SPACE}%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}%{SPACE}%{NOTSPACE:loglevel}%{SPACE}%{NOTSPACE:module}%{SPACE}%{GREEDYDATA:logmessage}" ]
]
}
add_field => { "received_at" => "%{@timestamp}" }
} }
add_field => { "received_at" => "%{@timestamp}" }
} }
if "nova" in [tags] { if "nova" in [tags] {
mutate { mutate {