Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Aaron Hicks]

Late to the game, but this is the best ranked answer so far: Is there a 
callback that logs _directly_ to ElasticSearch without logstash?

On Saturday, January 28, 2017 at 9:06:10 AM UTC+13, Ievgen Khmelenko wrote:
>
> Try to use the new version 
> https://github.com/ujenmr/ansible-logstash-callback
>
> On Thursday, January 26, 2017 at 11:13:53 PM UTC+2, Ievgen Khmelenko wrote:
>>
>> Hi,
>>
>> I'm author of the module, I can fix it. I will return with result...
>>
>> Ievgen
>>
>> On Wednesday, January 18, 2017 at 1:20:20 PM UTC+2, dubravko sever wrote:
>>>
>>> Hi,
>>>
>>> Using given callback I'm able to log events from ansible to 
>>> logstash/elastic search. But can't search ansible_result field because it 
>>> represent field as string, for instance:
>>> "{"changed":"false", "msg":"some message"}".
>>>
>>>
>>> In ELK I'm trying to get format like this one
>>>
>>>  "ansible_result":{
>>>
>>>
>>>
>>>
>>>
>>> Any ideas how to resolve this issue?
>>>
>>> Dubravko
>>>
>>>
>>>
>>> On Saturday, December 17, 2016 at 8:22:30 PM UTC+1, dubravko sever wrote:

 Hi,

 Exactly I've been looking for, if it collects json results from ansible 
 (will test it)

 Thanks
 Dubravko

 On Saturday, December 17, 2016 at 7:15:05 PM UTC+1, Gabriel Rosca wrote:
>
> What about the callback module :) 
>
>
> https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md
>
> Regards,
> Gabriel
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e2b9b513-e896-40eb-b0a3-a29bda19d67e%40googlegroups.com.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Mihai - Cristian Satmarean]

hi David, I am trying today nearly the same thing, the paste bin you had
there is gone, is it working what you tried, have you a working example to
share around?
Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPm0ozPAbRyoY%2Bj%3DPKkVPiHSgEhS6zfthG3dHzsaVOb_y%2BEFcQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Ievgen Khmelenko]

Try to use the new 
version https://github.com/ujenmr/ansible-logstash-callback

On Thursday, January 26, 2017 at 11:13:53 PM UTC+2, Ievgen Khmelenko wrote:
>
> Hi,
>
> I'm author of the module, I can fix it. I will return with result...
>
> Ievgen
>
> On Wednesday, January 18, 2017 at 1:20:20 PM UTC+2, dubravko sever wrote:
>>
>> Hi,
>>
>> Using given callback I'm able to log events from ansible to 
>> logstash/elastic search. But can't search ansible_result field because it 
>> represent field as string, for instance:
>> "{"changed":"false", "msg":"some message"}".
>>
>>
>> In ELK I'm trying to get format like this one
>>
>>  "ansible_result":{
>>
>>
>>
>>
>>
>> Any ideas how to resolve this issue?
>>
>> Dubravko
>>
>>
>>
>> On Saturday, December 17, 2016 at 8:22:30 PM UTC+1, dubravko sever wrote:
>>>
>>> Hi,
>>>
>>> Exactly I've been looking for, if it collects json results from ansible 
>>> (will test it)
>>>
>>> Thanks
>>> Dubravko
>>>
>>> On Saturday, December 17, 2016 at 7:15:05 PM UTC+1, Gabriel Rosca wrote:

 What about the callback module :) 


 https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md

 Regards,
 Gabriel



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7f6d9412-1452-4a6b-b68c-06f5f68e4430%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Ievgen Khmelenko]

Hi,

I'm author of the module, I can fix it. I will return with result...

Ievgen

On Wednesday, January 18, 2017 at 1:20:20 PM UTC+2, dubravko sever wrote:
>
> Hi,
>
> Using given callback I'm able to log events from ansible to 
> logstash/elastic search. But can't search ansible_result field because it 
> represent field as string, for instance:
> "{"changed":"false", "msg":"some message"}".
>
>
> In ELK I'm trying to get format like this one
>
>  "ansible_result":{
>
>
>
>
>
> Any ideas how to resolve this issue?
>
> Dubravko
>
>
>
> On Saturday, December 17, 2016 at 8:22:30 PM UTC+1, dubravko sever wrote:
>>
>> Hi,
>>
>> Exactly I've been looking for, if it collects json results from ansible 
>> (will test it)
>>
>> Thanks
>> Dubravko
>>
>> On Saturday, December 17, 2016 at 7:15:05 PM UTC+1, Gabriel Rosca wrote:
>>>
>>> What about the callback module :) 
>>>
>>> https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md
>>>
>>> Regards,
>>> Gabriel
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7739882d-7925-449f-9eec-4f9162c08fa7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[dubravko sever]

Hi,

Using given callback I'm able to log events from ansible to 
logstash/elastic search. But can't search ansible_result field because it 
represent field as string, for instance:
"{"changed":"false", "msg":"some message"}".


In ELK I'm trying to get format like this one

 "ansible_result":{





Any ideas how to resolve this issue?

Dubravko



On Saturday, December 17, 2016 at 8:22:30 PM UTC+1, dubravko sever wrote:
>
> Hi,
>
> Exactly I've been looking for, if it collects json results from ansible 
> (will test it)
>
> Thanks
> Dubravko
>
> On Saturday, December 17, 2016 at 7:15:05 PM UTC+1, Gabriel Rosca wrote:
>>
>> What about the callback module :) 
>>
>> https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md
>>
>> Regards,
>> Gabriel
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3d9719de-a72a-4ea5-8341-2db8485de540%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[dubravko sever]

Hi,

Exactly I've been looking for, if it collects json results from ansible 
(will test it)

Thanks
Dubravko

On Saturday, December 17, 2016 at 7:15:05 PM UTC+1, Gabriel Rosca wrote:
>
> What about the callback module :) 
>
> https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md
>
> Regards,
> Gabriel
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dd8285ae-9438-4611-ac18-9d159c118569%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Gabriel Rosca]

What about the callback module :) 

https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md

Regards,
Gabriel

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/53c04d0b-ebc8-466a-bfcf-8e4951c0f5cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[dubravko sever]

Hi David

This post is quite old, but can you share your experience with me, because 
I'm trying to build something like you have done.
I'me trying to build environment that is able to track security policies 
applied at server level, and than I cold create pretty reports from 
Elastic/Kibana, and use it for generating inventory items.

Thanks in advance.

Thanks
Dubravko 


On Wednesday, July 8, 2015 at 12:32:47 AM UTC+2, David Reagan wrote:
>
> Ah, that makes sense. Thanks!
>
> --David Reagan
>
> On Tue, Jul 7, 2015 at 1:19 PM, Brian Coca  > wrote:
>
>> status will be OK in both cases, you need to look at changed : true/false
>>
>> On Tue, Jul 7, 2015 at 2:26 PM, David Reagan > > wrote:
>> > With some work I have almost exactly what I want. See:
>> > http://pastebin.com/G819PEZY
>> >
>> > Questions: The status of that restart apache 2 task should be "CHANGED",
>> > since it actually did change during the play run. But it seems like the
>> > value for changed tasks is always "OK". Is there a way to change that?
>> >
>> >
>> >
>> > --David Reagan
>> >
>> > On Mon, Jul 6, 2015 at 5:37 PM, David Reagan > > wrote:
>> >>
>> >> The default log_plays doesn't actually output all the information I 
>> need.
>> >>
>> >> I have lots of stuff going to syslog and then into ELK already, but in
>> >> this case, I figured I'd just let logstash-forwarder watch the ansible 
>> log
>> >> file. Then format the output so that logstash doesn't have to filter 
>> it at
>> >> all.
>> >>
>> >> Currently, I figured out how to get valid json out per line. But I'm 
>> stuck
>> >> figuring out how to get the task name, the role name, and the command 
>> line
>> >> command information.
>> >>
>> >> Are there global vars I can reference from the plugin? Where could I 
>> find
>> >> a list of them?
>> >>
>> >>
>> >> --David Reagan
>> >>
>> >> On Mon, Jul 6, 2015 at 5:25 PM, Brian Coca > > wrote:
>> >>>
>> >>> log_plays was designed to drop the json to syslog-ng which would then
>> >>> push it to elastic search w/o need for logstash, probably easier to
>> >>> just setup syslog-ng to do the same.
>> >>>
>> >>>
>> >>> --
>> >>> Brian Coca
>> >>>
>> >>> --
>> >>> You received this message because you are subscribed to a topic in the
>> >>> Google Groups "Ansible Project" group.
>> >>> To unsubscribe from this topic, visit
>> >>> 
>> https://groups.google.com/d/topic/ansible-project/zOjsYxLN578/unsubscribe
>> .
>> >>> To unsubscribe from this group and all its topics, send an email to
>> >>> ansible-proje...@googlegroups.com .
>> >>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> >>> To view this discussion on the web visit
>> >>> 
>> https://groups.google.com/d/msgid/ansible-project/CAJ5XC8n722sXnV547ZCjrTxBeaDQOqxzxQ1QEs0fYeq5AuQ6Sg%40mail.gmail.com
>> .
>> >>> For more options, visit https://groups.google.com/d/optout.
>> >>
>> >>
>> >
>> > --
>> > You received this message because you are subscribed to the Google 
>> Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send 
>> an
>> > email to ansible-proje...@googlegroups.com .
>> > To post to this group, send email to ansible...@googlegroups.com 
>> .
>> > To view this discussion on the web visit
>> > 
>> https://groups.google.com/d/msgid/ansible-project/CANo%2B_AfMFvypiqYdFWbOopLNNa3yx_Y-vxQBmY%2BHiY85fYCSYg%40mail.gmail.com
>> .
>> >
>> > For more options, visit https://groups.google.com/d/optout.
>>
>>
>>
>> --
>> Brian Coca
>>
>> --
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/zOjsYxLN578/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nvqO_3HKZmfBD_NhxW6nY7mfoZHPCuZTfz%2B2QiRM1QJQ%40mail.gmail.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/53ae5631-4ec2-4212-a078-4814bcef87ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[David Reagan]

With some work I have almost exactly what I want. See:
http://pastebin.com/G819PEZY

Questions: The status of that restart apache 2 task should be CHANGED,
since it actually did change during the play run. But it seems like the
value for changed tasks is always OK. Is there a way to change that?



--David Reagan

On Mon, Jul 6, 2015 at 5:37 PM, David Reagan jer...@gmail.com wrote:

 The default log_plays doesn't actually output all the information I need.

 I have lots of stuff going to syslog and then into ELK already, but in
 this case, I figured I'd just let logstash-forwarder watch the ansible log
 file. Then format the output so that logstash doesn't have to filter it at
 all.

 Currently, I figured out how to get valid json out per line. But I'm stuck
 figuring out how to get the task name, the role name, and the command line
 command information.

 Are there global vars I can reference from the plugin? Where could I find
 a list of them?


 --David Reagan

 On Mon, Jul 6, 2015 at 5:25 PM, Brian Coca bc...@ansible.com wrote:

 log_plays was designed to drop the json to syslog-ng which would then
 push it to elastic search w/o need for logstash, probably easier to
 just setup syslog-ng to do the same.


 --
 Brian Coca

 --
 You received this message because you are subscribed to a topic in the
 Google Groups Ansible Project group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/ansible-project/zOjsYxLN578/unsubscribe
 .
 To unsubscribe from this group and all its topics, send an email to
 ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/CAJ5XC8n722sXnV547ZCjrTxBeaDQOqxzxQ1QEs0fYeq5AuQ6Sg%40mail.gmail.com
 .
 For more options, visit https://groups.google.com/d/optout.




-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANo%2B_AfMFvypiqYdFWbOopLNNa3yx_Y-vxQBmY%2BHiY85fYCSYg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Brian Coca]

status will be OK in both cases, you need to look at changed : true/false

On Tue, Jul 7, 2015 at 2:26 PM, David Reagan jer...@gmail.com wrote:
 With some work I have almost exactly what I want. See:
 http://pastebin.com/G819PEZY

 Questions: The status of that restart apache 2 task should be CHANGED,
 since it actually did change during the play run. But it seems like the
 value for changed tasks is always OK. Is there a way to change that?



 --David Reagan

 On Mon, Jul 6, 2015 at 5:37 PM, David Reagan jer...@gmail.com wrote:

 The default log_plays doesn't actually output all the information I need.

 I have lots of stuff going to syslog and then into ELK already, but in
 this case, I figured I'd just let logstash-forwarder watch the ansible log
 file. Then format the output so that logstash doesn't have to filter it at
 all.

 Currently, I figured out how to get valid json out per line. But I'm stuck
 figuring out how to get the task name, the role name, and the command line
 command information.

 Are there global vars I can reference from the plugin? Where could I find
 a list of them?


 --David Reagan

 On Mon, Jul 6, 2015 at 5:25 PM, Brian Coca bc...@ansible.com wrote:

 log_plays was designed to drop the json to syslog-ng which would then
 push it to elastic search w/o need for logstash, probably easier to
 just setup syslog-ng to do the same.


 --
 Brian Coca

 --
 You received this message because you are subscribed to a topic in the
 Google Groups Ansible Project group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/ansible-project/zOjsYxLN578/unsubscribe.
 To unsubscribe from this group and all its topics, send an email to
 ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/CAJ5XC8n722sXnV547ZCjrTxBeaDQOqxzxQ1QEs0fYeq5AuQ6Sg%40mail.gmail.com.
 For more options, visit https://groups.google.com/d/optout.



 --
 You received this message because you are subscribed to the Google Groups
 Ansible Project group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/CANo%2B_AfMFvypiqYdFWbOopLNNa3yx_Y-vxQBmY%2BHiY85fYCSYg%40mail.gmail.com.

 For more options, visit https://groups.google.com/d/optout.



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nvqO_3HKZmfBD_NhxW6nY7mfoZHPCuZTfz%2B2QiRM1QJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Send playbook output to Logstash/Elasticsearch

[Brian Coca]

log_plays was designed to drop the json to syslog-ng which would then
push it to elastic search w/o need for logstash, probably easier to
just setup syslog-ng to do the same.


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
Ansible Project group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8n722sXnV547ZCjrTxBeaDQOqxzxQ1QEs0fYeq5AuQ6Sg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.