Jeremy Stanley fungi at yuggoth.org
Tue Oct 7 14:31:07 UTC 2014

On 2014-10-07 07:40:55 +0000 (+0000), Robert van Leeuwen wrote:
> We recently setup logstash here and doing the grok magic was quite
> a pain with all the different way's the logging is formatted. We
> also throw a bit in the bin because there is no useful info in it.
> Looking at our logstash grok I could probably make some
> suggestions on what we find useful and not :)

Indeed, OpenStack's project infrastructure and quality assurance
teams have been collaboratively managing a very large
logstash+elasticsearch cluster for use in classifying bugs witnessed
while performing CI testing on proposed changes. The initial lack of
consistency between the log formats of various services was
maddening, and so we've been helping drive increased convergence
over subsequent releases (hopefully you'll be pleased with the
improvements there in Juno!). For the moment, our grok rules are
here if it helps anyone:

<URL: https://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/templates/logstash/indexer.conf.erb >

Jeremy Stanley

