|1 week ago|
|.github/workflows||4 months ago|
|build||5 months ago|
|output||2 weeks ago|
|playbooks||2 weeks ago|
|samples||2 weeks ago|
|src||2 weeks ago|
|zuul.d||4 weeks ago|
|.flake8||3 weeks ago|
|.gitignore||3 weeks ago|
|.gitreview||2 months ago|
|.pre-commit-config.yaml||3 weeks ago|
|.yamllint.yaml||4 months ago|
|LICENSE||5 months ago|
|README.md||1 week ago|
|ansible.cfg||4 weeks ago|
|bindep.txt||4 weeks ago|
|hosts||4 weeks ago|
|requirements.in||3 weeks ago|
|requirements.txt||3 weeks ago|
|requirements.yml||4 weeks ago|
|tox.ini||3 weeks ago|
Hosts reusable log queries which are built into a single queries.json file.
Queries are defined using the data model from src/model.py which builds a JSON Validation schema, making easy to validate the file.
One example of file can be seen at queries-example.yml
Pattern is supposed to be an exact string match and if multiple are present
we could easily convert them into a regex or logstash expression that uses
On elastic-rechheck queries we have cases with multiple entries used on
message:foo AND message:bar. This is why we also allow
a list of strings.
A query can have only one category out of a determined list of possible
code are allowed. These can be used to
list found matches in section, making them easier to read.
Tags are also used to build the logstash queries. List of known values already used inside elastic-recheck queries:
tags: - console - console.html - devstack-gate-setup-host.txt - grenade.sh.txt - job-output.txt - screen-c-api.txt - screen-c-bak.txt - screen-n-cpu.txt - screen-n-sch.txt - screen-q-agt.txt - syslog.txt
When logstash query is build
OR is used between multiple tags.
We do not currently support the exclusions like below (2/93 found):
query: >- message:"RESULT_TIMED_OUT: [untrusted : git.openstack.org/openstack/tempest/playbooks/devstack-tempest.yaml@master]" AND tags:"console" AND NOT (build_name:"tempest-all" OR build_name:"tempest-slow" OR build_name:"tempest-slow-py3") query2: >- (message: "FAILED with status: 137" OR message: "FAILED with status: 143" OR message: "RUN END RESULT_TIMED_OUT") AND NOT message:"POST-RUN END RESULT_TIMED_OUT" AND tags: "console"
To allow us to cover for corner cases not covered byt the generic format,
we could have an optional
logstash key that mentions the query. When this
would be present, we woudl avoid building the logstash query ourselves and
just use it.
To avoid using a particular query on a particular backend we can make use of
skip: ['er', 'artcl'].