From 8e1215bb03b4fd16800f227d4baad2ae31e95871 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Thu, 12 Nov 2015 20:33:59 +0000
Subject: [PATCH] Revert "Special case ansible logs"
This reverts commit 261b07deb6ba80859fea92aad3ad39759f2000c1. ElasticSearch is erroring with: Caused by: org.elasticsearch.common.util.concurrent.UncheckedExecutionException: org.elasticsearch.common.breaker.CircuitBreakingException: [FIELDDATA] Data too large, data for [@timestamp] This is the only recent change to parsing of fields so I think it must be related. Revert for now until we can debug.
Change-Id: I66bf1669313d9a5a38da40d075c125cdd1cded39
---
 modules/openstack_project/templates/logstash/indexer.conf.erb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/modules/openstack_project/templates/logstash/indexer.conf.erb b/modules/openstack_project/templates/logstash/indexer.conf.erb
index 7b4eaf8ce5..d18cef39b2 100644
--- a/modules/openstack_project/templates/logstash/indexer.conf.erb
+++ b/modules/openstack_project/templates/logstash/indexer.conf.erb
@@ -18,9 +18,7 @@ filter {
 }
 multiline {
 negate => true
- # Special case ansible output here because it likes to go on its own
- # line without a timestamp but isn't part of a mulitline event.
- pattern => "(^%{TIMESTAMP_ISO8601} \||^%{WORD}%{SPACE}\|%{SPACE}%{WORD}%{SPACE}\|%{SPACE}rc=%{NUMBER}%{SPACE}>>$)"
+ pattern => "^%{TIMESTAMP_ISO8601} \|"
 what => "previous"
 stream_identity => "%{host}.%{filename}"
 }
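Review bot: The restored `pattern` line in the `multiline` block is left without any comment, so the template no longer records that with `negate => true` and `what => "previous"` every line not starting with `%{TIMESTAMP_ISO8601} |` is appended to the preceding event of the same `stream_identity`. That again covers the ansible result lines the removed comment described, so their text ends up inside an unrelated event's message, which matters to anyone who searches or alerts on these logs per event. I would add above `pattern`: `# Lines without a leading timestamp (e.g. ansible "rc=N >>" output) are folded into the previous event; the special case for them was reverted for debugging, not judged wrong.` The enclosing `filter` block starts and ends outside the hunk, so I cannot see whether a later stage splits such events again.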