#=============================================================================== filter { #--------------------------------------------------------------------------- # Parse & tag nova logs if "nova-generic" in [tags] { #----------------------------------------------------------------------- # Parse & tag nova request-id's # i.e.: # 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-264fe290-42c6-4252-9a87-c20685d360f1 23101739b41842babf322615686cdbf9 d6a76ef3d2a54fbbbdcf7694e4900c5d] 192.168.1.100 "GET /v2/d6a76ef3d2a54fbbbdcf7694e4900c5d/flavors/detail HTTP/1.1" status: 200 len: 2273 time: 0.1098659 grok { match => ["@message", "\[req-%{UUID:request_id} %{WORD:request_user_id} %{WORD:request_tenant_id}\] %{GREEDYDATA:message}"] add_tag => [ "nova-request-id" ] break_on_match => false overwrite => ["message"] # overwrites original message with whats left tag_on_failure => [] } #----------------------------------------------------------------------- # Parse & tag nova HTTP GET requests # i.e.: # 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-264fe290-42c6-4252-9a87-c20685d360f1 23101739b41842babf322615686cdbf9 d6a76ef3d2a54fbbbdcf7694e4900c5d] 192.168.1.100 "GET /v2/d6a76ef3d2a54fbbbdcf7694e4900c5d/flavors/detail HTTP/1.1" status: 200 len: 2273 time: 0.1098659 grok { match => [ "@message", "GET (/v%{NUMBER:api_version})?/%{WORD:tenant_id}/%{DATA:api_func}(/%{DATA:api_func_path})? %{GREEDYDATA:message}" ] add_tag => [ "nova-get-request" ] break_on_match => false overwrite => ["message"] # overwrites original message with whats left tag_on_failure => [] } #----------------------------------------------------------------------- # Parse & tag nova HTTP POST requests # i.e.: # 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-1020ef31-7c3f-4ae9-a156-d04cbff43026 44aecbd3d6e34b90a8c2028c5352175b e8ca4ebd592b4e20861c5a06813d3c78] 192.168.1.100 "POST /v2/e8ca4ebd592b4e20861c5a06813d3c78/servers HTTP/1.1" status: 202 len: 739 time: 0.6813190 grok { match => [ "@message", "POST (/v%{NUMBER:api_version})?/%{WORD:tenant_id}/%{DATA:api_func}(/%{DATA:api_func_path})? %{GREEDYDATA:message}" ] add_tag => [ "nova-post-request" ] break_on_match => false overwrite => ["message"] # overwrites original message with whats left tag_on_failure => [] } #----------------------------------------------------------------------- # Parse & tag nova HTTP info from GET & POST requests if "nova-get-request" in [tags] or "nova-post-request" in [tags] { #------------------------------------------------------------------- # Generic HTTP info i.e.: # 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-264fe290-42c6-4252-9a87-c20685d360f1 23101739b41842babf322615686cdbf9 d6a76ef3d2a54fbbbdcf7694e4900c5d] 192.168.1.100 "GET /v2/d6a76ef3d2a54fbbbdcf7694e4900c5d/flavors/detail HTTP/1.1" status: 200 len: 2273 time: 0.1098659 # 2) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-1020ef31-7c3f-4ae9-a156-d04cbff43026 44aecbd3d6e34b90a8c2028c5352175b e8ca4ebd592b4e20861c5a06813d3c78] 192.168.1.100 "POST /v2/e8ca4ebd592b4e20861c5a06813d3c78/servers HTTP/1.1" status: 202 len: 739 time: 0.6813190 grok { match => [ "@message", 'HTTP/%{NUMBER:httpversion}\" status: %{NUMBER:response} len: %{NUMBER:bytes} time: %{NUMBER:httptime}' ] add_tag => [ "nova-http-request" ] remove_field => ["message"] break_on_match => false tag_on_failure => [] } #------------------------------------------------------------------- } #----------------------------------------------------------------------- } #--------------------------------------------------------------------------- } #===============================================================================