From 5770730f1eec1da9687ace2b69ccae9dd2c2b0a0 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Mon, 8 Apr 2013 20:18:28 -0700
Subject: [PATCH] Parse Jenkins' log timestamps with logstash.

* modules/openstack_project/templates/logstash/agent.conf.erb: Use the
grok, date, and mutate filters to transform Jenkins' logs from
"2013-04-08 22:46:43.659 | Started by user OpenStack Hudson" to

  @timestamp: 2013-04-08 22:46:43.659
  @message: Started by user OpenStack Hudson

Change-Id: I6aac49b4717f25838c13a2563360d03e40bb19e3
Reviewed-on: https://review.openstack.org/26446
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
---
 agent.conf.erb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/agent.conf.erb b/agent.conf.erb
index fc639a3..6a13b0f 100644
--- a/agent.conf.erb
+++ b/agent.conf.erb
@@ -8,4 +8,23 @@ input {
   }
 }
 
+# You can check grok patterns at http://grokdebug.herokuapp.com/
+filter {
+  grok {
+    type => "jenkins_console"
+    pattern => [ "%{DATESTAMP:logdate} \| %{GREEDYDATA:logmessage}" ]
+    add_field => [ "received_at", "%{@timestamp}" ]
+  }
+  date {
+    type => "jenkins_console"
+    exclude_tags => "_grokparsefailure"
+    match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS" ]
+  }
+  mutate {
+    type => "jenkins_console"
+    exclude_tags => "_grokparsefailure"
+    replace => [ "@message", "%{logmessage}" ]
+  }
+}
+
 <%= scope.function_template(['openstack_project/logstash/redis-output.conf.erb']) %>