From ecb27653d82625afcbf63fc2e02c03a81179bd02 Mon Sep 17 00:00:00 2001
From: Joe Gordon
Date: Fri, 1 Aug 2014 15:28:09 +1000
Subject: [PATCH] Move keystone logs over to oslofrmt

After the successful implementation of https://blueprints.launchpad.net/keystone/+spec/unified-logging-in-keystone keystone uses oslo logging instead of its own. Update logstash settings to reflect this. We currently don't have any keystone logs in logstash, this should fix that.
Change-Id: I7acfa35bfd112a15d2ec3aa7338fb28b37a827cb
---
 .../files/logstash/jenkins-log-client.yaml | 6 +++---
 .../templates/logstash/indexer.conf.erb | 17 -----------------
 2 files changed, 3 insertions(+), 20 deletions(-)

diff --git a/modules/openstack_project/files/logstash/jenkins-log-client.yaml b/modules/openstack_project/files/logstash/jenkins-log-client.yaml
index 31beb75fe0..67f81d755f 100644
--- a/modules/openstack_project/files/logstash/jenkins-log-client.yaml
+++ b/modules/openstack_project/files/logstash/jenkins-log-client.yaml
@@ -90,7 +90,7 @@ source-files:
 - name: logs/screen-key.txt
 tags:
 - screen
- - keystonefmt
+ - oslofmt
 - name: logs/screen-n-api.txt
 tags:
 - screen
@@ -214,7 +214,7 @@ source-files:
 - name: logs/new/screen-key.txt
 tags:
 - screen
- - keystonefmt
+ - oslofmt
 job-filter: '.*grenade.*'
 - name: logs/new/screen-n-api.txt
 tags:
@@ -340,7 +340,7 @@ source-files:
 - name: logs/old/screen-key.txt
 tags:
 - screen
- - keystonefmt
+ - oslofmt
 job-filter: '.*grenade.*'
 - name: logs/old/screen-n-api.txt
 tags:
diff --git a/modules/openstack_project/templates/logstash/indexer.conf.erb b/modules/openstack_project/templates/logstash/indexer.conf.erb
index 44145ad811..36d7879292 100644
--- a/modules/openstack_project/templates/logstash/indexer.conf.erb
+++ b/modules/openstack_project/templates/logstash/indexer.conf.erb
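Review bot: In the third hunk, `logs/old/screen-key.txt` is retagged to `oslofmt` although, judging by its path and the grenade `job-filter`, it probably holds output from the pre-upgrade Keystone, which may predate the unified-logging change and still write the old `(module): timestamp LEVEL message` layout. This commit also deletes the `keystonefmt` branch from indexer.conf.erb, so any such lines would have no matching parser and would likely reach the index without `logdate`, `module` or level fields, making identity-service events hard to search. I would either keep `- keystonefmt` on that one entry (and its filter) until the old side also logs in oslo format, or add a comment above the entry such as `# assumes the old-side keystone already logs in oslo format`. The same retag in the first two hunks (`logs/screen-key.txt`, `logs/new/screen-key.txt`) raises no concern from what is visible.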
@@ -48,23 +48,6 @@ filter {
 match => { "message" => "(?m)^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \[?\b%{NOTSPACE:module}\b\]?%{SPACE}?%{GREEDYDATA:logmessage}?" }
 add_field => { "received_at" => "%{@timestamp}" }
 }
- } else if "keystonefmt" in [tags] {
- if [message] == "" {
- drop {}
- }
- multiline {
- negate => true
- pattern => "^\(\b%{NOTSPACE}\b\):"
- what => "previous"
- stream_identity => "%{host}.%{filename}"
- }
- grok {
- # Do multiline matching as the above mutliline filter may add newlines
- # to the log messages.
- # TODO move the LOGLEVELs into a proper grok pattern.
- match => { "message" => "(?m)^\(\b%{NOTSPACE:module}\b\):%{SPACE}%{TIMESTAMP_ISO8601:logdate}%{SPACE}(?AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR)%{SPACE}%{GREEDYDATA:logmessage}" }
- add_field => { "received_at" => "%{@timestamp}" }
- }
 } else if "apachecombined" in [tags] {
 grok {
 match => { "message" => "%{COMBINEDAPACHELOG}" }