[MediaWiki-commits] [Gerrit] logstash: Parse nginx access logs for wdqs - change (operations/puppet)

BryanDavis (Code Review) Tue, 19 Jul 2016 12:22:14 -0700

BryanDavis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/299825


Change subject: logstash: Parse nginx access logs for wdqs
......................................................................

logstash: Parse nginx access logs for wdqs

* Change type from syslog to wdqs
* Add channel = nginx
* Remove syslog fields
* Parse access log line

Change-Id: I30007949807099d811e197773ff25772cc5e1393
---
M files/logstash/filter-syslog.conf
1 file changed, 34 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/25/299825/1

diff --git a/files/logstash/filter-syslog.conf 
b/files/logstash/filter-syslog.conf
index 429e8ad..5cc1825 100644
--- a/files/logstash/filter-syslog.conf
+++ b/files/logstash/filter-syslog.conf
@@ -145,5 +145,39 @@
         }
       }
     } # end [program] == "mediawiki"
+
+    if [program] == "wdqs" {
+      mutate {
+        replace => [ "type",  "wdqs" ]
+      }
+
+      # nginx access logs
+      if [facility_label] == "local7" {
+        # 
https://github.com/wikimedia/operations-puppet/blob/3218df6/modules/wdqs/templates/nginx.erb#L1-L6
+        grok {
+          match => [
+            "message",
+            "\[%{HTTPDATE:@timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request} 
HTTP/%{NUMBER:httpversion}\" %{NUMBER:status} (?:%{NUMBER:body_bytes}|-) 
%{QS:referrer} %{QS:user_agent} %{NUMBER:request_time} %{NUMBER:upstream_time}"
+          ]
+          overwrite => [ "@timestamp" ]
+          named_captures_only => true
+        }
+        mutate {
+          replace => [ "message", "%{request}" ]
+          add_field => { "channel" => "nginx" }
+          # Remove syslog added fields
+          remove_field => [
+              "facility",
+              "facility_label",
+              "logsource",
+              "priority",
+              "program",
+              "severity",
+              "severity_label",
+              "timestamp"
+          ]
+        }
+      } # end [facility_label] == "local7"
+    } # end [program] == "wdqs"
   }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/299825
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I30007949807099d811e197773ff25772cc5e1393
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <bda...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] logstash: Parse nginx access logs for wdqs - change (operations/puppet)

Reply via email to