[openstack-dev] [Fuel] Logstash and grok patterns

Ilya Shakhat ishakhat at mirantis.com
Tue Mar 10 09:16:04 UTC 2015


Hi,

Here are some suggestions from my experience:

1. Input patterns could be simplified by * matches, e.g.:

file {
    path => [ "/var/log/remote/*.domain.tld/neutron*" ]
    exclude => "*.gz"
}

2. Logs could be parsed by the following pattern:
  grok {
    patterns_dir => "patterns"
    match => { "message" => "%{MOS_FUEL_PREFIX}" }
  }
  where
     MOS_FUEL_PREFIX %{TIMESTAMP_ISO8601:fuel_timestamp} %{LOGLEVEL:fuel_level}:\s+%{GREEDYDATA:fuel_message}
  (the pattern is stored in a file called 'patterns')

Regards,
Ilya

2015-03-09 17:13 GMT+03:00 Foss Geek <thefossgeek at gmail.com>:

> Dear All,
>
> I have an OpenStack HA environment deployed using Fuel 5.1. Fuel master
> node collects all the node logs under /var/log/docker-logs/remote/
> directory.
>
> I have installed Logstash on fuel master node. Here is Logstash.conf:
>
> http://paste.openstack.org/show/190985/
>
> Here is rsyslog Template format:
>
> # cat /etc/rsyslog.d/00-remote.conf  | grep Template
>
> # Templates
> $Template RemoteLog, "<%pri%>%timestamp% %hostname% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n"
>
> $ActionFileDefaultTemplate RemoteLog
>
> Is there any grok pattern reference for fuel centralized logs?
>
> Thanks for your time.
>
> --
> Thanks & Regards
> E-Mail: thefossgeek at gmail.com
> IRC: neophy
> Blog : http://lmohanphy.livejournal.com/
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
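
An added example, not part of the message above or of Fuel's own code: a Python model of how the MOS_FUEL_PREFIX pattern expands into one regular expression and which fields it yields, including the line that fails to parse. The sub-pattern regexes are simplified stand-ins for Logstash's stock definitions (an assumption), and the sample log lines are constructed.

```python
import re

# Simplified stand-ins for the stock grok patterns referenced in the message
# (assumption: the definitions shipped with Logstash accept more variants).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:?\d{2}(?::?\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}(?::?\d{2})?)?",
    "LOGLEVEL": r"(?i:emerg(?:ency)?|alert|crit(?:ical)?|err(?:or)?|warn(?:ing)?|notice|info|debug|trace|fatal|severe)",
    "GREEDYDATA": r".*",
    # Custom pattern from the message, as it would appear in the patterns file.
    "MOS_FUEL_PREFIX": r"%{TIMESTAMP_ISO8601:fuel_timestamp} %{LOGLEVEL:fuel_level}:\s+%{GREEDYDATA:fuel_message}",
}

REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def expand(pattern):
    """Recursively replace %{NAME} / %{NAME:field} with (named) regex groups."""
    def sub(m):
        name, field = m.group(1), m.group(2)
        body = expand(GROK[name])
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return REF.sub(sub, pattern)


FUEL_RE = re.compile(expand("%{MOS_FUEL_PREFIX}"))


def parse(line):
    """Return extracted fields, or the failure tag grok adds by default."""
    m = FUEL_RE.search(line)  # grok matches are unanchored unless the pattern uses ^
    if m is None:
        return {"message": line, "tags": ["_grokparsefailure"]}
    return {"message": line, **m.groupdict()}


# Constructed sample lines (not taken from a real deployment).
SAMPLES = [
    "2015-03-09T14:13:05.123456+00:00 info:  neutron-server started",
    "2015-03-09T14:13:06+00:00 err: Connection to AMQP server lost",
    "    raise exception.Timeout()",  # continuation line without the prefix
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse(sample))
```

Lines without the timestamp/level prefix, such as traceback continuations, come back tagged rather than dropped, so a downstream filter can count or route them instead of losing events silently.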