Hello,

I'm trying to build some graphs from an ATS Server log file (custom format). Here is a copy of the config that I came up with:

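# Tails the Apache Traffic Server custom-format access log and passes each
# record to ATS_transform_decoder.
[ats_access_logs]
type = "LogstreamerInput"
splitter = "TokenSplitter"
decoder = "ATS_transform_decoder"
log_directory = "/var/log/ats"
# file_match is a regular expression, not a glob. It is written as a literal
# (single-quoted) string with the dot escaped, so that only the intended file
# name matches and an unrelated file in the directory cannot be picked up
# because "." matched some other character.
file_match = 'custom_ats_psp6cdatsec04\.log'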

# Regex decoder for the key=value ATS custom access-log line. Every named
# capture group in match_regex can be interpolated as %name% in the
# message_fields table below.
[ATS_transform_decoder]
type = "PayloadRegexDecoder"
# NOTE(review): url and uas carry client-supplied request data and should be
# treated as untrusted by anything that stores or renders these fields. The
# pattern is not anchored and uas is captured with \S+, so if the log writes
# the User-Agent unescaped, only its first whitespace-delimited token is kept.
# Confirm against a sample line.
match_regex = '(?P<UnixTimestamp>[\d]+\.[\d]+) chi=(?P<chi>\S+) phn=(?P<phn>\S+) shn=(?P<shn>\S+) url=(?P<url>\S+) cqhm=(?P<cqhm>\w+) cqhv=(?P<cqhv>\S+) pssc=(?P<pssc>\d+) ttms=(?P<ttms>\d+) b=(?P<b>\d+) sssc=(?P<sssc>\d+) sscl=(?P<sscl>\d+) cfsc=(?P<cfsc>\S+) pfsc=(?P<pfsc>\S+) crc=(?P<crc>\S+) phr=(?P<phr>\S+) uas=(?P<uas>\S+)'
#timestamp_layout= 'Dec 14 07:57:35'

# Values assigned to the outgoing message. Type is a fixed label; the rest are
# filled from the capture groups above.
# NOTE(review): with timestamp_layout commented out, Timestamp is populated
# from the raw epoch string. Verify the message time ends up as intended.
[ATS_transform_decoder.message_fields]
Type = "ats_access"
host = "%phn%"
shn = "%shn%"
clientip = "%chi%"
Timestamp = "%UnixTimestamp%"
useragent = "%uas%"
uri = "%url%"
method = "%cqhm%"
status = "%pssc%"
crc = "%crc%"
phr = "%phr%"
version = "%cqhv%"
request_duration = "%ttms%"


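# Sandbox filter that runs the graphing Lua script over decoded ATS
# access-log messages.
[ATSServer]
type = "SandboxFilter"
filename = "lua_filters/ats_graph.lua"
ticker_interval = 60
preserve_data = true
# ATS_transform_decoder sets Type in its message_fields. Heka stores Type as
# the message header, not as a dynamic field, so the matcher addresses it as
# Type. The original Fields['Type'] form looks for a dynamic field instead and
# never matches, so no message reaches this filter.
message_matcher = "Type == 'ats_access'"

# Passed to the Lua script: 1440 rows of 60 seconds each is a 24-hour window.
[ATSServer.config]
sec_per_row = 60
rows = 1440
# anomaly_config = 'roc("HTTP Status", 2, 15, 0, 1.5, true, false) roc("HTTP Status", 4, 15, 0, 1.5, true, false) mww_nonparametric("HTTP Status", 5, 15, 10, 0.8)'
# NOTE(review): preserve_data is on, so bump this whenever the script's
# preserved data layout changes, otherwise stale state may be restored.
preservation_version = 1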

# Heka's web dashboard output. No type key is given, so the section name is
# taken as the plugin type.
# NOTE(review): no address is set, so the plugin's default listen address
# applies. The documented default binds all interfaces. Confirm for the
# deployed version and restrict it if the host is reachable from untrusted
# networks. As far as is known the dashboard has no authentication, and
# payloads injected by sandbox filters (including debug text) are exposed here.
[DashboardOutput]
ticker_interval = 60

I took the http_graph.lua and modified it slightly to fit the above. I added some debug lines to the ats_graph.lua:
   table.insert(dbg, "Exiting function process_message")

   inject_payload ("txt", "debug", table.concat(dbg, "\n"))

I can't find where these are being written.

From what I can tell the messages aren't making it to the SandboxFilter. I'm thinking the message_matcher is wrong?

Any help would be greatly appreciated.

If I can get this working, I plan on trying to write an ATS log decoder that I would be happy to share.

Thanks,
Hank