On 2014-10-07 07:40:55 +0000 (+0000), Robert van Leeuwen wrote:
[...]
> We recently set up logstash here and doing the grok magic was quite
> a pain with all the different ways the logging is formatted. We
> also throw a bit in the bin because there is no useful info in it.
>
> Looking at our logstash grok I could probably make some
> suggestions on what we find useful and not :)

Indeed, OpenStack's project infrastructure and quality assurance
teams have been collaboratively managing a very large
logstash+elasticsearch cluster for use in classifying bugs witnessed
while performing CI testing on proposed changes. The initial lack of
consistency between the log formats of various services was
maddening, and so we've been helping drive increased convergence
over subsequent releases (hopefully you'll be pleased with the
improvements there in Juno!).

For the moment, our grok rules are here if it helps anyone:

<URL: https://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/templates/logstash/indexer.conf.erb >

-- 
Jeremy Stanley