Ottomata has submitted this change and it was merged.

Change subject: logstash: Parse apache2 events where day of month < 10
......................................................................


logstash: Parse apache2 events where day of month < 10

The date format used in the apache2 log stream pads the day of month
field of its timestamp with spaces rather than zeros or leaving the
value as a variable width string. The logstash grok filter we were using
previously did not account for the space padding. Also adds date parsing
support for the space padded dates.

The changeset also corrects an obvious typo in the date format for fatal
events.

Bug:60772
Change-Id: I0546094fb0a3fb266515e2aeeb55ba7b303b560c
---
M files/logstash/filter-mw-via-udp2log.conf
1 file changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Ottomata: Verified; Looks good to me, approved



diff --git a/files/logstash/filter-mw-via-udp2log.conf 
b/files/logstash/filter-mw-via-udp2log.conf
index 40400bb..2dc8a06 100644
--- a/files/logstash/filter-mw-via-udp2log.conf
+++ b/files/logstash/filter-mw-via-udp2log.conf
@@ -115,7 +115,7 @@
       grok {
         match => [
           "message",
-          "^(?<logdate>%{MONTH} %{MONTHDAY} %{TIME}) 
%{NOTSPACE:host}:%{SPACE}%{GREEDYDATA:message}$"
+          "^(?<logdate>%{MONTH}\s+%{MONTHDAY} %{TIME}) 
%{NOTSPACE:host}:%{SPACE}%{GREEDYDATA:message}$"
         ]
         overwrite => [ "host", "message" ]
         named_captures_only => true
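Review bot: `\s+` between `%{MONTH}` and `%{MONTHDAY}` in the added grok line is broader than the input calls for. It accepts tabs and whitespace runs of any length, while the `date` formats added at line 132 only cover one or two literal spaces. A line with any other whitespace there would pass grok without `_grokparsefailure`, then fail date parsing and keep its receive time as the event timestamp. Consider ` {1,2}` (or ` +`) so both stages accept the same inputs, plus a short comment that the day of month is space padded.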
@@ -132,7 +132,7 @@
       if !("_grokparsefailure" in [tags]) {
         # Use the parsed timestamp as canonical for the event
         date {
-          match => [ "logdate", "MMM dd HH:mm:ss" ]
+          match => [ "logdate", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss" ]
           remove_field => [ "logdate" ]
           add_tag => [ "logdate" ]
         }
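Review bot: the two consecutive spaces in the added `"MMM  d HH:mm:ss"` format are significant, and nothing on the `match` line says so. They are easy to lose to whitespace cleanup or mail wrapping, which would silently bring back the parse failure for days below 10. Add a comment above the `match` line stating that the second format is for space-padded single-digit days. Since neither format carries a year, the comment could also state how events logged around a year boundary are expected to be dated.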
@@ -243,7 +243,7 @@
       if !("_grokparsefailure" in [tags]) {
         # Use the parsed timestamp as canonical for the event
         date {
-          match => [ "logdate", "dd-MMM-YYYY-MM HH:mm:ss" ]
+          match => [ "logdate", "dd-MMM-YYYY HH:mm:ss" ]
           remove_field => [ "logdate" ]
           add_tag => [ "logdate" ]
         }
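Review bot: the corrected format `"dd-MMM-YYYY HH:mm:ss"` has only `dd` for the day, and the grok pattern that produces `logdate` for this block is outside the hunk, so the visible lines do not show whether fatal events can carry an unpadded or space-padded day. If they can, this block needs a second format like the one added to the `date` block at line 132. A sample fatal timestamp in a comment next to the `match` line would make the expected input checkable.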

-- 
To view, visit https://gerrit.wikimedia.org/r/110971
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0546094fb0a3fb266515e2aeeb55ba7b303b560c
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: Ottomata <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
