Merge "Move keystone logs over to oslofrmt"

modules/openstack_project/files/logstash/jenkins-log-client.yaml

@@ -105,7 +105,7 @@ source-files:
   - name: logs/screen-key.txt
     tags:
       - screen
-      - keystonefmt
+      - oslofmt
   - name: logs/screen-n-api.txt
     tags:
       - screen
@@ -229,7 +229,7 @@ source-files:
   - name: logs/new/screen-key.txt
     tags:
       - screen
-      - keystonefmt
+      - oslofmt
     job-filter: '.*grenade.*'
   - name: logs/new/screen-n-api.txt
     tags:
@@ -355,7 +355,7 @@ source-files:
   - name: logs/old/screen-key.txt
     tags:
       - screen
-      - keystonefmt
+      - oslofmt
     job-filter: '.*grenade.*'
   - name: logs/old/screen-n-api.txt
     tags:

modules/openstack_project/templates/logstash/indexer.conf.erb

@@ -48,23 +48,6 @@ filter {
       match => { "message" => "(?m)^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \[?\b%{NOTSPACE:module}\b\]?%{SPACE}?%{GREEDYDATA:logmessage}?" }
       add_field => { "received_at" => "%{@timestamp}" }
     }
-  } else if "keystonefmt" in [tags] {
-    if [message] == "" {
-      drop {}
-    }
-    multiline {
-      negate => true
-      pattern => "^\(\b%{NOTSPACE}\b\):"
-      what => "previous"
-      stream_identity => "%{host}.%{filename}"
-    }
-    grok {
-      # Do multiline matching as the above mutliline filter may add newlines
-      # to the log messages.
-      # TODO move the LOGLEVELs into a proper grok pattern.
-      match => { "message" => "(?m)^\(\b%{NOTSPACE:module}\b\):%{SPACE}%{TIMESTAMP_ISO8601:logdate}%{SPACE}(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR)%{SPACE}%{GREEDYDATA:logmessage}" }
-      add_field => { "received_at" => "%{@timestamp}" }
-    }
   } else if "apachecombined" in [tags] {
     grok {
       match => { "message" => "%{COMBINEDAPACHELOG}" }