
Show examples from Cybera.

Micheal Jones 4 years ago
parent
commit
a0d274373c

+ 4
- 0
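--- a/README.md
+++ b/README.md
@@ -2,3 +2,7 @@ tools-logging
 =============
 
 OpenStack Logging Tools
+
+logstash
+
+Example dashboards for Kibana and logging configurations for logstash.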

+ 4
- 0
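--- a/logstash/basic/README.md
+++ b/logstash/basic/README.md
@@ -0,0 +1,4 @@
+# Basic
+
+Basic logstash config and filters for ingesting most logs from OpenStack services. Courtesy Kris Lindgren from GoDaddy.
+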

logstash/kibana.json → logstash/basic/kibana.json View File


logstash/logstash.conf → logstash/basic/logstash.conf View File


+ 496
- 0
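--- a/logstash/cybera/DefaultView.json
+++ b/logstash/cybera/DefaultView.json
@@ -0,0 +1,496 @@
+{
+  "title": "Default View",
+  "services": {
+    "query": {
+      "list": {
+        "0": {
+          "query": "\"region1\"",
+          "alias": "region1 Logs",
+          "color": "#7EB26D",
+          "id": 0,
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "1": {
+          "id": 1,
+          "color": "#EAB839",
+          "alias": "Region2 Logs",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"region2\""
+        },
+        "2": {
+          "id": 2,
+          "color": "#7EB26D",
+          "alias": "Instances Spawned",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Instance spawned successfully\""
+        },
+        "3": {
+          "id": 3,
+          "color": "#EAB839",
+          "alias": "Instances Destroyed",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Instance destroyed successfully\""
+        },
+        "4": {
+          "id": 4,
+          "color": "#6ED0E0",
+          "alias": "Snapshots created",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Snapshot image upload complete\""
+        },
+        "5": {
+          "id": 5,
+          "color": "#1F78C1",
+          "alias": "Volumes Created",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"created -using\" AND loglevel:\"INFO\" AND module:\"cinder.volume.flows.create_volume\""
+        },
+        "6": {
+          "id": 6,
+          "color": "#BA43A9",
+          "alias": "Volumes Deleted",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"deleted\" AND loglevel:\"INFO\" AND module:\"cinder.volume.manager\""
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2,
+        3,
+        4,
+        5,
+        6
+      ]
+    },
+    "filter": {
+      "list": {
+        "0": {
+          "type": "time",
+          "field": "@timestamp",
+          "from": "now-30d",
+          "to": "now",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 0
+        }
+      },
+      "ids": [
+        0
+      ]
+    }
+  },
+  "rows": [
+    {
+      "title": "Graph",
+      "height": "250px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": false,
+          "resolution": 100,
+          "interval": "1d",
+          "fill": 3,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": false,
+          "stack": false,
+          "points": true,
+          "lines": false,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "selected",
+            "ids": [
+              2,
+              3,
+              4,
+              5,
+              6
+            ]
+          },
+          "title": "Events over time",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "cumulative",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "none",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 5,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": false,
+          "derivative": false
+        },
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": true,
+          "resolution": 100,
+          "interval": "12h",
+          "fill": 3,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": false,
+          "stack": false,
+          "points": false,
+          "lines": true,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "selected",
+            "ids": [
+              0,
+              1
+            ]
+          },
+          "title": "Events over time",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "cumulative",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "none",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 5,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": true,
+          "derivative": false
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Instances/Volumes",
+      "height": "250",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "ago": "1d",
+          "arrangement": "horizontal",
+          "reverse": false,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3,
+              4,
+              5,
+              6
+            ]
+          },
+          "style": {
+            "font-size": "16pt"
+          },
+          "title": "Compared to Yesterday..."
+        },
+        {
+          "span": 12,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "ago": "1w",
+          "arrangement": "horizontal",
+          "reverse": false,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3,
+              4,
+              5,
+              6
+            ]
+          },
+          "style": {
+            "font-size": "16pt"
+          },
+          "title": "Compared to Last Week..."
+        },
+        {
+          "span": 12,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "ago": "4w",
+          "arrangement": "horizontal",
+          "reverse": false,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3,
+              4,
+              5,
+              6
+            ]
+          },
+          "style": {
+            "font-size": "16pt"
+          },
+          "title": "Compared to Last Month..."
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Events",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "title": "All events",
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "table",
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [
+            "@timestamp",
+            "logmessage",
+            "syslog_hostname"
+          ],
+          "localTime": true,
+          "timeField": "@timestamp",
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "spyable": true,
+          "queries": {
+            "mode": "pinned",
+            "ids": []
+          },
+          "field_list": true,
+          "status": "Stable",
+          "trimFactor": 300,
+          "normTimes": true,
+          "all_fields": false
+        }
+      ],
+      "notice": false
+    }
+  ],
+  "editable": true,
+  "failover": false,
+  "index": {
+    "interval": "day",
+    "pattern": "[logstash-]YYYY.MM.DD",
+    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
+    "warm_fields": true
+  },
+  "style": "dark",
+  "panel_hints": true,
+  "pulldowns": [
+    {
+      "type": "query",
+      "collapse": true,
+      "notice": false,
+      "query": "*",
+      "pinned": true,
+      "history": [
+        "\"deleted\" AND loglevel:\"INFO\" AND module:\"cinder.volume.manager\"",
+        "\"created -using\" AND loglevel:\"INFO\" AND module:\"cinder.volume.flows.create_volume\"",
+        "\"Snapshot image upload complete\"",
+        "\"Instance destroyed successfully\"",
+        "\"Instance spawned successfully\"",
+        "\"rac-yeg\"",
+        "\"rac-yyc\"",
+        "\"deleted\" AND loglevel:\"INFO\" AND module:\"cinder.volume\"",
+        "\"created -using\" AND loglevel:\"INFO\" AND module:\"cinder\"",
+        "\"deleted\" AND loglevel:\"INFO\" AND module:\"cinder\""
+      ],
+      "remember": 10,
+      "enable": true
+    },
+    {
+      "type": "filtering",
+      "collapse": true,
+      "notice": true,
+      "enable": true
+    }
+  ],
+  "nav": [
+    {
+      "type": "timepicker",
+      "collapse": false,
+      "notice": false,
+      "status": "Stable",
+      "time_options": [
+        "5m",
+        "15m",
+        "1h",
+        "6h",
+        "12h",
+        "24h",
+        "2d",
+        "7d",
+        "30d"
+      ],
+      "refresh_intervals": [
+        "5s",
+        "10s",
+        "30s",
+        "1m",
+        "5m",
+        "15m",
+        "30m",
+        "1h",
+        "2h",
+        "1d"
+      ],
+      "timefield": "@timestamp",
+      "now": true,
+      "filter_id": 0,
+      "enable": true
+    }
+  ],
+  "loader": {
+    "save_gist": false,
+    "save_elasticsearch": true,
+    "save_local": true,
+    "save_default": true,
+    "save_temp": true,
+    "save_temp_ttl_enable": true,
+    "save_temp_ttl": "30d",
+    "load_gist": true,
+    "load_elasticsearch": true,
+    "load_elasticsearch_size": 20,
+    "load_local": true,
+    "hide": false
+  },
+  "refresh": "15m"
+}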
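Review bot: The saved query history under the query pulldown (new-file lines 430–431) still carries `"\"rac-yeg\""` and `"\"rac-yyc\""`, which look like site-specific region names, while the live queries at lines 7 and 22 were generalized to `region1` and `region2`. An exported dashboard keeps whatever the operator last typed, so if this file is meant as a sanitized example the array should be emptied (`"history": []`) or use the same placeholders as the queries. Separately, the "Instances/Volumes" row sets `"height": "250"` without a unit where the other rows use `"250px"` and `"350px"`.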

+ 319
- 0
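--- a/logstash/cybera/InstanceCRUD.json
+++ b/logstash/cybera/InstanceCRUD.json
@@ -0,0 +1,319 @@
+{
+  "title": "Instance Spawns and Destroys",
+  "services": {
+    "query": {
+      "list": {
+        "0": {
+          "query": "\"Instance spawned successfully\"",
+          "alias": "Instances Spawned",
+          "color": "#7EB26D",
+          "id": 0,
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "1": {
+          "id": 1,
+          "color": "#EAB839",
+          "alias": "Instances Destroyed",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Instance destroyed successfully\""
+        },
+        "2": {
+          "id": 2,
+          "color": "#6ED0E0",
+          "alias": "Snapshots created",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Snapshot image upload complete\""
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2
+      ]
+    },
+    "filter": {
+      "list": {
+        "0": {
+          "type": "time",
+          "field": "@timestamp",
+          "from": "now-30d",
+          "to": "now",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 0
+        }
+      },
+      "ids": [
+        0
+      ]
+    }
+  },
+  "rows": [
+    {
+      "title": "Graph",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": false,
+          "resolution": 100,
+          "interval": "24h",
+          "fill": 0,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": false,
+          "stack": false,
+          "points": true,
+          "lines": false,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2
+            ]
+          },
+          "title": "Events over time",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "cumulative",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "none",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 3,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": false,
+          "derivative": false,
+          "scaleSeconds": false
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Stats",
+      "height": "50px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 4,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "ago": "1w",
+          "arrangement": "horizontal",
+          "reverse": false,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2
+            ]
+          },
+          "style": {
+            "font-size": "14pt"
+          },
+          "title": "Compared to last week..."
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Events",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "title": "All events",
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "table",
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [],
+          "localTime": true,
+          "timeField": "@timestamp",
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2
+            ]
+          },
+          "field_list": true,
+          "status": "Stable",
+          "trimFactor": 300,
+          "normTimes": true,
+          "all_fields": false
+        }
+      ],
+      "notice": false
+    }
+  ],
+  "editable": true,
+  "failover": false,
+  "index": {
+    "interval": "day",
+    "pattern": "[logstash-]YYYY.MM.DD",
+    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
+    "warm_fields": true
+  },
+  "style": "dark",
+  "panel_hints": true,
+  "pulldowns": [
+    {
+      "type": "query",
+      "collapse": true,
+      "notice": false,
+      "query": "*",
+      "pinned": true,
+      "history": [
+        "\"Snapshot image upload complete\"",
+        "\"Instance destroyed successfully\"",
+        "\"Instance spawned successfully\"",
+        "\"Snapshot upload complete\"",
+        "\"Instance Spawned Successfully\"",
+        "Instance",
+        "Created",
+      ],
+      "remember": 10,
+      "enable": true
+    },
+    {
+      "type": "filtering",
+      "collapse": true,
+      "notice": false,
+      "enable": true
+    }
+  ],
+  "nav": [
+    {
+      "type": "timepicker",
+      "collapse": false,
+      "notice": false,
+      "status": "Stable",
+      "time_options": [
+        "5m",
+        "15m",
+        "1h",
+        "6h",
+        "12h",
+        "24h",
+        "2d",
+        "7d",
+        "30d"
+      ],
+      "refresh_intervals": [
+        "5s",
+        "10s",
+        "30s",
+        "1m",
+        "5m",
+        "15m",
+        "30m",
+        "1h",
+        "2h",
+        "1d"
+      ],
+      "timefield": "@timestamp",
+      "now": true,
+      "filter_id": 0,
+      "enable": true
+    }
+  ],
+  "loader": {
+    "save_gist": false,
+    "save_elasticsearch": true,
+    "save_local": true,
+    "save_default": true,
+    "save_temp": true,
+    "save_temp_ttl_enable": true,
+    "save_temp_ttl": "30d",
+    "load_gist": true,
+    "load_elasticsearch": true,
+    "load_elasticsearch_size": 20,
+    "load_local": true,
+    "hide": false
+  },
+  "refresh": false
+}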
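Review bot: The `history` array in the query pulldown ends with `"Created",` followed directly by `]` (new-file lines 257–258), and a trailing comma is not valid JSON, so a strict parser will reject the whole dashboard file. Drop the comma so the last entry reads `"Created"`. The file appears to have been edited by hand after export, so it is worth running each dashboard through a JSON validator such as `python -m json.tool` before committing.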

+ 298
- 0
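--- a/logstash/cybera/Migrations.json
+++ b/logstash/cybera/Migrations.json
@@ -0,0 +1,298 @@
+{
+  "title": "Migrations",
+  "services": {
+    "query": {
+      "list": {
+        "0": {
+          "query": "\"Going to try to live migrate instance to\"",
+          "alias": "Migration Attempts",
+          "color": "#B7DBAB",
+          "id": 0,
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "1": {
+          "id": 1,
+          "color": "#7EB26D",
+          "alias": "Migration Success",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"base_of_fqdn_goes_here finished successfully\""
+        },
+        "2": {
+          "id": 2,
+          "color": "#890F02",
+          "alias": "Migration Failures",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Live Migration failure\""
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2
+      ]
+    },
+    "filter": {
+      "list": {
+        "0": {
+          "from": "2014-09-03T19:02:17.256Z",
+          "to": "now",
+          "type": "time",
+          "field": "@timestamp",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 0
+        },
+        "1": {
+          "type": "time",
+          "from": "2014-09-03T19:25:36.941Z",
+          "to": "2014-09-03T20:54:09.058Z",
+          "field": "@timestamp",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 1
+        }
+      },
+      "ids": [
+        0,
+        1
+      ]
+    }
+  },
+  "rows": [
+    {
+      "title": "Graph",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": true,
+          "resolution": 100,
+          "interval": "1m",
+          "fill": 3,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": true,
+          "stack": true,
+          "points": false,
+          "lines": false,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2
+            ]
+          },
+          "title": "Events over time",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "individual",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "short",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 5,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": false,
+          "derivative": false
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Events",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "title": "All events",
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "table",
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [
+            "@timestamp",
+            "logmessage",
+            "@source_host"
+          ],
+          "localTime": true,
+          "timeField": "@timestamp",
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2
+            ]
+          },
+          "field_list": true,
+          "status": "Stable",
+          "trimFactor": 300,
+          "normTimes": true,
+          "all_fields": false
+        }
+      ],
+      "notice": false
+    }
+  ],
+  "editable": true,
+  "failover": false,
+  "index": {
+    "interval": "day",
+    "pattern": "[logstash-]YYYY.MM.DD",
+    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
+    "warm_fields": true
+  },
+  "style": "dark",
+  "panel_hints": true,
+  "pulldowns": [
+    {
+      "type": "query",
+      "collapse": false,
+      "notice": false,
+      "query": "*",
+      "pinned": true,
+      "history": [
+        "\"Live Migration failure\"",
+        "\"Going to try to live migrate instance to\"",
+        "\"Migrate instance to\"",
+        "\"Migrate instance to\" AND \"finished successfully\""
+      ],
+      "remember": 10,
+      "enable": true
+    },
+    {
+      "type": "filtering",
+      "collapse": true,
+      "notice": true,
+      "enable": true
+    }
+  ],
+  "nav": [
+    {
+      "type": "timepicker",
+      "collapse": false,
+      "notice": false,
+      "status": "Stable",
+      "time_options": [
+        "5m",
+        "15m",
+        "1h",
+        "6h",
+        "12h",
+        "24h",
+        "2d",
+        "7d",
+        "30d"
+      ],
+      "refresh_intervals": [
+        "5s",
+        "10s",
+        "30s",
+        "1m",
+        "5m",
+        "15m",
+        "30m",
+        "1h",
+        "2h",
+        "1d"
+      ],
+      "timefield": "@timestamp",
+      "now": false,
+      "filter_id": 0,
+      "enable": true
+    }
+  ],
+  "loader": {
+    "save_gist": false,
+    "save_elasticsearch": true,
+    "save_local": true,
+    "save_default": true,
+    "save_temp": true,
+    "save_temp_ttl_enable": true,
+    "save_temp_ttl": "30d",
+    "load_gist": true,
+    "load_elasticsearch": true,
+    "load_elasticsearch_size": 20,
+    "load_local": true,
+    "hide": false
+  },
+  "refresh": false
+}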
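Review bot: Both entries in `services.filter.list` (new-file lines 42–61) are absolute time filters with `"mandate": "must"` and `"active": true`, and filter `1` pins the view to `2014-09-03T19:25:36.941Z` through `2014-09-03T20:54:09.058Z`, so anyone importing this example will most likely see an empty dashboard until they remove it. The other dashboards in this commit use a single relative filter (`"from": "now-30d"`, `"to": "now"`), and this one should probably do the same, with `"now": true` in the timepicker. The placeholder `base_of_fqdn_goes_here` in query `1` would also be easier to notice if the query alias said that it must be edited before use.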

+ 50
- 0
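--- a/logstash/cybera/README.md
+++ b/logstash/cybera/README.md
@@ -0,0 +1,50 @@
+# Cybera
+
+Example config and dashboards developed at Cybera for our public clouds. Most of the dashboards are largely to see what kind of information can be pulled from the logs or as alternatives to watching for specific log entries in a very busy `tail -f` stream.
+
+Setup:
+All services are set to DEBUG and to log to syslog, and the nodes then forward to a central rsyslog server that runs [beaver](https://github.com/josegonzalez/python-beaver) to push and tag the logs to our Rabbit cluster. The logstash agent then pulls the logs from Rabbit.
+
+Caveats:
+Beaver can only manage pushing up to 350 events/sec due to the way the Pika (Rabbit) library is used. If better performance is needed - look at the Redis options.
+
+## Dashboards
+
+### DefaultView.json
+
+The Default View gives an overview of the number of logs between regions, along with some log based counts of instance creation/deletion, volume creation/deletion, and snapshot creation.
+
+<Screenshot>
+
+### SnapshotCheckpoints.json
+
+Shows the "checkpoints" of instance snapshotting.
+
+<Screenshot>
+
+### InstanceCRUD.json
+
+Shows instance creation and deletion along with snapshot creation points.
+
+<Screenshot>
+
+### Migrations.json
+
+Shows the "checkpoints" of instance migration. One of the queries needs to be changed to the base of your compute node's fqdn. (node1.example.com would be just example.com)
+
+<Screenshot>
+
+### VolumeCRUD.json
+
+Shows volume creation and deletion.
+
+<Screenshot>
+
+## Logstash
+
+Logstash.conf - example downloading from rabbit.
+
+## Beaver
+
+beaver.conf - The example beaver config showing what we tag logs with.
+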

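--- a/logstash/cybera/SnapshotCheckpoints.json
+++ b/logstash/cybera/SnapshotCheckpoints.json
@@ -0,0 +1,356 @@
+{
+  "title": "Instance Checkpoint Checks",
+  "services": {
+    "query": {
+      "list": {
+        "0": {
+          "query": "\"instance snapshotting\"",
+          "alias": "",
+          "color": "#7EB26D",
+          "id": 0,
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "1": {
+          "id": 1,
+          "color": "#EAB839",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Beginning live snapshot process\""
+        },
+        "2": {
+          "id": 2,
+          "color": "#6ED0E0",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Snapshot extracted\""
+        },
+        "3": {
+          "id": 3,
+          "color": "#EF843C",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Uploading image data for image\""
+        },
+        "4": {
+          "id": 4,
+          "color": "#E24D42",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"bytes to /var/lib/glance/images\""
+        },
+        "5": {
+          "id": 5,
+          "color": "#1F78C1",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "\"Snapshot image upload complete\""
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2,
+        3,
+        4,
+        5
+      ]
+    },
+    "filter": {
+      "list": {
+        "0": {
+          "type": "time",
+          "field": "@timestamp",
+          "from": "now-24h",
+          "to": "now",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 0
+        },
+        "1": {
+          "type": "field",
+          "field": "logmessage",
+          "query": "\"UUID GOES HERE\"",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 1
+        }
+      },
+      "ids": [
+        0,
+        1
+      ]
+    }
+  },
+  "rows": [
+    {
+      "title": "Instructions",
+      "height": "50px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": false,
+      "panels": [
+        {
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "type": "text",
+          "loadingEditor": false,
+          "mode": "markdown",
+          "content": "Add the **instance** UUID to the logmessage filter to monitor the times the snapshot hits it's Glance checkpoints.  Alternatively remove the filter to see all instances.\n\nPlease note the last two points (image saved and bytes saved) will show results when an image is uploaded as well.",
+          "style": {},
+          "title": "Instructions"
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Graph",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": true,
+          "resolution": 100,
+          "interval": "10m",
+          "fill": 3,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": true,
+          "stack": true,
+          "points": false,
+          "lines": false,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3,
+              4,
+              5
+            ]
+          },
+          "title": "Events over time",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "cumulative",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "none",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 5,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": false,
+          "derivative": false
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Events",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "title": "All events",
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "table",
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [],
+          "localTime": true,
+          "timeField": "@timestamp",
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3,
+              4,
+              5
+            ]
+          },
+          "field_list": true,
+          "status": "Stable",
+          "trimFactor": 300,
+          "normTimes": true,
+          "all_fields": false
+        }
+      ],
+      "notice": false
+    }
+  ],
+  "editable": true,
+  "failover": false,
+  "index": {
+    "interval": "day",
+    "pattern": "[logstash-]YYYY.MM.DD",
+    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
+    "warm_fields": true
+  },
+  "style": "dark",
+  "panel_hints": true,
+  "pulldowns": [
+    {
+      "type": "query",
+      "collapse": true,
+      "notice": false,
+      "query": "*",
+      "pinned": true,
+      "history": [
+        "\"Snapshot image upload complete\"",
+        "\"bytes to /var/lib/glance/images\"",
+        "\"Uploading image data for image\"",
+        "\"Snapshot extracted\"",
+        "\"Beginning live snapshot process\"",
+        "\"instance snapshotting\"",
+        "Snapshot extracted",
+        "Beginning live snapshot process",
+        "instance snapshotting",
+        "[instance: *] Beginning live snapshot process"
+      ],
+      "remember": 10,
+      "enable": true
+    },
+    {
+      "type": "filtering",
+      "collapse": false,
+      "notice": true,
+      "enable": true
+    }
+  ],
+  "nav": [
+    {
+      "type": "timepicker",
+      "collapse": false,
+      "notice": false,
+      "status": "Stable",
+      "time_options": [
+        "5m",
+        "15m",
+        "1h",
+        "6h",
+        "12h",
+        "24h",
+        "2d",
+        "7d",
+        "30d"
+      ],
+      "refresh_intervals": [
+        "5s",
+        "10s",
+        "30s",
+        "1m",
+        "5m",
+        "15m",
+        "30m",
+        "1h",
+        "2h",
+        "1d"
+      ],
+      "timefield": "@timestamp",
+      "now": true,
+      "filter_id": 0,
+      "enable": true
+    }
+  ],
+  "loader": {
+    "save_gist": false,
+    "save_elasticsearch": true,
+    "save_local": true,
+    "save_default": true,
+    "save_temp": true,
+    "save_temp_ttl_enable": true,
+    "save_temp_ttl": "30d",
+    "load_gist": true,
+    "load_elasticsearch": true,
+    "load_elasticsearch_size": 20,
+    "load_local": true,
+    "hide": false
+  },
+  "refresh": false
+}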
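Review bot: Filter `1` ships with `"query": "\"UUID GOES HERE\""`, `"mandate": "must"` and `"active": true`, so the dashboard matches nothing until someone edits it, and an operator loading it while investigating a problem could read the empty graph as "no snapshot activity". Setting `"active": false` on that filter would show all instances by default, which the Instructions panel already offers as the alternative. The panel text also calls the last two checkpoints "image saved and bytes saved", which does not obviously correspond to queries `4` and `5` as written, so naming them by their query strings would be clearer, and `it's` in the same sentence should be `its`.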

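--- a/logstash/cybera/VolumeCRUD.json
+++ b/logstash/cybera/VolumeCRUD.json
@@ -0,0 +1,297 @@
+{
+  "title": "Volume Creation and Deletion",
+  "services": {
+    "query": {
+      "list": {
+        "0": {
+          "query": "created -using",
+          "alias": "Created",
+          "color": "#7EB26D",
+          "id": 0,
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "1": {
+          "id": 1,
+          "color": "#EAB839",
+          "alias": "Deleted",
+          "pin": false,
+          "type": "lucene",
+          "enable": true,
+          "query": "deleted"
+        }
+      },
+      "ids": [
+        0,
+        1
+      ]
+    },
+    "filter": {
+      "list": {
+        "0": {
+          "type": "time",
+          "field": "@timestamp",
+          "from": "now-30d",
+          "to": "now",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 0
+        },
+        "1": {
+          "type": "field",
+          "field": "module",
+          "query": "\"cinder.volume.flows.create_volume\" or \"cinder.volume.manager\"",
+          "mandate": "either",
+          "active": true,
+          "alias": "",
+          "id": 1
+        },
+        "2": {
+          "type": "field",
+          "field": "loglevel",
+          "query": "\"INFO\"",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 2
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2
+      ]
+    }
+  },
+  "rows": [
+    {
+      "title": "Graph",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": false,
+          "resolution": 100,
+          "interval": "24h",
+          "fill": 3,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": false,
+          "stack": false,
+          "points": true,
+          "lines": false,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1
+            ]
+          },
+          "title": "Volume Events",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "individual",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "none",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 5,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": false,
+          "derivative": false
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Events",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "title": "All events",
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "table",
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [],
+          "localTime": true,
+          "timeField": "@timestamp",
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1
+            ]
+          },
+          "field_list": true,
+          "status": "Stable",
+          "trimFactor": 300,
+          "normTimes": true,
+          "all_fields": false
+        }
+      ],
+      "notice": false
+    }
+  ],
+  "editable": true,
+  "failover": false,
+  "index": {
+    "interval": "day",
+    "pattern": "[logstash-]YYYY.MM.DD",
+    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
+    "warm_fields": true
+  },
+  "style": "dark",
+  "panel_hints": true,
+  "pulldowns": [
+    {
+      "type": "query",
+      "collapse": false,
+      "notice": false,
+      "query": "*",
+      "pinned": true,
+      "history": [
+        "deleted",
+        "created -using",
+        "created",
+        "successfully",
+        "f2b10018-f9eb-424b-ad7b-669cc691687b",
+        "created successfully",
+        "\"cinder.volume.flows.create_volume\" + message:\"created successfully\"",
+        "\"cinder.volume.flows.create_volume\" message:\"created successfully\"",
+        "\"cinder.volume.flows.create_volume\" message:succesfully",
+        "\"cinder.volume.flows.create_volume\" + succesfully"
+      ],
+      "remember": 10,
+      "enable": true
+    },
+    {
+      "type": "filtering",
+      "collapse": true,
+      "notice": true,
+      "enable": true
+    }
+  ],
+  "nav": [
+    {
+      "type": "timepicker",
+      "collapse": false,
+      "notice": false,
+      "status": "Stable",
+      "time_options": [
+        "5m",
+        "15m",
+        "1h",
+        "6h",
+        "12h",
+        "24h",
+        "2d",
+        "7d",
+        "30d"
+      ],
+      "refresh_intervals": [
+        "5s",
+        "10s",
+        "30s",
+        "1m",
+        "5m",
+        "15m",
+        "30m",
+        "1h",
+        "2h",
+        "1d"
+      ],
+      "timefield": "@timestamp",
+      "now": true,
+      "filter_id": 0,
+      "enable": true
+    }
+  ],
+  "loader": {
+    "save_gist": false,
+    "save_elasticsearch": true,
+    "save_local": true,
+    "save_default": true,
+    "save_temp": true,
+    "save_temp_ttl_enable": true,
+    "save_temp_ttl": "30d",
+    "load_gist": true,
+    "load_elasticsearch": true,
+    "load_elasticsearch_size": 20,
+    "load_local": true,
+    "hide": false
+  },
+  "refresh": false
+}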
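Review bot: The `history` array of the first `pulldowns` entry was exported with the author's working queries, including `"f2b10018-f9eb-424b-ad7b-669cc691687b"`, which looks like a real resource UUID from the source cloud rather than an example value. Saved history is not needed for the dashboard to function, so I would publish it as `"history": []`; the `history` arrays in SnapshotCheckpoints.json hold only log phrases but could be emptied the same way. Separately, filter `1` joins its two module names with a lowercase `or`, and Lucene query syntax treats only uppercase `OR` as an operator, so it is worth confirming that this filter selects what was intended.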

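--- a/logstash/cybera/beaver.conf
+++ b/logstash/cybera/beaver.conf
@@ -0,0 +1,37 @@
+[beaver]
+rabbitmq_host = rabbitmqcluster_fqdn
+rabbitmq_password = password
+format = msgpack
+rabbitmq_vhost = rsyslog
+rabbitmq_exchange_type = direct
+rabbitmq_queue_durable = 1
+rabbitmq_username = logstash
+rabbitmq_ssl = 1
+logstash_version = 1
+rabbitmq_queue = logstash
+rabbitmq_exchange_durable = 0
+rabbitmq_exchange = region1-logs
+
+[/var/log/rsyslog/swift.log]
+tags = cloud,region1,openstack,swift,swiftfmt
+type = swift
+
+[/var/log/rsyslog/nova.log]
+tags = cloud,region1,openstack,nova,oslofmt
+type = nova
+
+[/var/log/rsyslog/syslog.log]
+tags = cloud,region1,syslogfmt
+type = syslog
+
+[/var/log/rsyslog/cinder.log]
+type = cinder
+tags = cloud,region1,openstack,cinder,oslofmt
+
+[/var/log/rsyslog/keystone.log]
+tags = cloud,region1,openstack,keystone,oslofmt
+type = keystone
+
+[/var/log/rsyslog/glance.log]
+tags = cloud,region1,openstack,glance,oslofmt
+type = glance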
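Review bot: `rabbitmq_password = password` puts a guessable shared secret into an example that people will copy as-is, and the same value appears as `password => "password"` in both rabbitmq inputs of logstash/cybera/logstash.conf. I would make the placeholder impossible to deploy by accident, e.g. `rabbitmq_password = <CHANGE_ME>`, with a comment line above it such as `# set a per-site secret; keep this file readable only by the account that runs beaver`. The `[beaver]` section also sets `rabbitmq_ssl = 1` without any CA certificate setting, so it looks as if the broker certificate is not verified; that is worth confirming against the beaver version in use, since this channel carries DEBUG-level service logs.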

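--- a/logstash/cybera/logstash.conf
+++ b/logstash/cybera/logstash.conf
@@ -0,0 +1,116 @@
+input {
+
+  # Region 1
+  rabbitmq {
+    codec => "msgpack"
+    debug => true
+    host => "region1.cybera.ca"
+    exchange => "region1-logs"
+    user => "logstash"
+    password => "password"
+    ssl => true
+    port => "5672"
+    vhost => "rsyslog"
+    auto_delete => false
+    durable => true
+    key => 'logstash'
+    exclusive => false
+    passive => true
+    queue => 'logstash'
+  }
+
+  # Region 2
+  rabbitmq {
+    codec => "msgpack"
+    debug => true
+    host => "region2.cybera.ca"
+    exchange => "region1-logs"
+    user => "logstash"
+    password => "password"
+    ssl => true
+    port => "5672"
+    vhost => "rsyslog"
+    auto_delete => false
+    durable => true
+    key => 'logstash'
+    exclusive => false
+    passive => true
+    queue => 'logstash'
+  }
+
+}
+
+
+filter {
+  if "oslofmt" in [tags] {
+    grok {
+      match => { "message" => "^%{TIMESTAMP_ISO8601:logdate} %{SYSLOGHOST:syslog_hostname} %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND} %{NUMBER:syslog_pid} (?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) %{NOTSPACE:module} (?<ref_id_group>\[%{NOTSPACE:ref_id}?%{DATA:ref_id2}\]) %{GREEDYDATA:logmessage}" }
+      add_field => { "received_at" => "%{@timestamp}" }
+    }
+    if !("_grokparsefailure" in [tags]) {
+      mutate {
+        replace => [ "@source_host", "%{syslog_hostname}" ]
+        gsub => [ "message", "#012", "\
+"]
+      }
+    }
+    # Make sure we set @timestamp to the log date
+    date {
+      match => [ "logdate", "ISO8601" ]
+      locale => "en"
+      target => "@timestamp"
+    }
+  } else if "syslogfmt" in [tags] {
+    grok {
+      match => { "message" => "^%{TIMESTAMP_ISO8601:logdate} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:logmessage}" }
+      add_field => [ "received_at", "%{@timestamp}" ]
+    }
+    date {
+      match => [ "logdate", "ISO8601" ]
+      locale => "en"
+      target => "@timestamp"
+    }
+    syslog_pri {
+      severity_labels => ["ERROR", "ERROR", "ERROR", "ERROR", "WARNING", "INFO", "INFO", "DEBUG" ]
+    }
+    if !("_grokparsefailure" in [tags]) {
+      mutate {
+        replace => [ "@source_host", "%{syslog_hostname}" ]
+      }
+    }
+    mutate {
+      add_field => [ "loglevel", "%{syslog_severity}" ]
+      add_field => [ "module", "%{syslog_program}" ]
+    }
+  } else if "swiftfmt" in [tags] {
+    grok {
+      match => { "message" => "^%{TIMESTAMP_ISO8601:logdate} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program} %{GREEDYDATA:logmessage}" }
+      add_field => [ "received_at", "%{@timestamp}" ]
+    }
+    syslog_pri {
+      severity_labels => ["ERROR", "ERROR", "ERROR", "ERROR", "WARNING", "INFO", "INFO", "DEBUG" ]
+    }
+    if !("_grokparsefailure" in [tags]) {
+      mutate {
+        replace => [ "@source_host", "%{syslog_hostname}" ]
+      }
+    }
+    mutate {
+      add_field => [ "loglevel", "%{syslog_severity}" ]
+      add_field => [ "module", "%{syslog_program}" ]
+    }
+    date {
+      match => [ "logdate", "ISO8601" ]
+      locale => "en"
+      target => "@timestamp"
+    }
+  }
+}
+
+
+output {
+  elasticsearch_http {
+    host => "127.0.0.1"
+  }
+}
+  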
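Review bot: Both rabbitmq inputs combine `ssl => true` with `port => "5672"`, the conventional plain-text AMQP port (TLS listeners normally sit on 5671), so either the TLS setting or the port is probably wrong unless the brokers were deliberately configured this way. Nothing in the inputs turns on certificate verification either; if the plugin version in use supports it, `verify_ssl => true` should accompany `ssl => true` so the agent does not present the `logstash` credentials to an unverified peer. The Region 2 input also reads `exchange => "region1-logs"`, which looks like a copy-paste from Region 1, and `debug => true` is left on in both inputs, which is probably not intended for an example others will deploy.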
