7f1248fee5
Currently the logs tagged with infra.mariadb.xinetd flow into elasticsearch with no hostname or programname attach, thus making navigating the logs very hard. The quick fix is renaming the tag to infra.mariadb-xinetd, which is just enought to ensure the logs are processed correctly with the existing filters. TrivialFix Change-Id: Icd72206de7c1f701bdf35c8fb3b128ef2dbe29a8
27 lines
876 B
Django/Jinja
27 lines
876 B
Django/Jinja
# mysqld and its wrapper script mysqld_safe output logs using a different timestamp.
|
|
# Defer parsing the logs until the different formats have been retagged.
|
|
<source>
|
|
@type tail
|
|
path /var/log/kolla/mariadb/mariadb.log
|
|
pos_file /var/run/{{ fluentd_binary }}/mariadb.pos
|
|
tag infra.mariadb
|
|
format multiline
|
|
format_firstline /^(\d{4}-\d{2}-\d{2}|\d{6}) /
|
|
format1 /^(?<Payload>.*)/
|
|
enable_watch_timer false
|
|
</source>
|
|
<source>
|
|
@type tail
|
|
path /var/log/kolla/mariadb/xinetd.log
|
|
pos_file /var/run/{{ fluentd_binary }}/mariadb-xinetd.pos
|
|
tag infra.mariadb-xinetd
|
|
format multiline
|
|
format_firstline /^\d{2}/\d{1,2}/\d{1,2}@\d{1,2}:\d{1,2}:\d{1,2}\: (START|EXIT)\: /
|
|
format1 /^(?<Timestamp>\S+) (?<Payload>.*)?$/
|
|
time_key Timestamp
|
|
keep_time_key true
|
|
time_format %y/%m/%d@%T
|
|
ignore_repeated_permission_error true
|
|
enable_watch_timer false
|
|
</source>
|