Logging work

Right now Rsyslog->ES will log like: logstash-YYYY.MM.DD.HH This creates a ton of indexes making search much harder. This commit removes the .HH so we have: logstash-YYYY.MM.DD This also patches the template to work with ES5 Change-Id: Iaef70f51601da504b769165e8593603adc484225
2018-04-30 13:36:53 -04:00 · 2018-04-30 13:36:53 -04:00 · 9ff9e35c12
commit 9ff9e35c12
parent 8846215237
2 changed files with 48 additions and 27 deletions
--- a/ansible/install/roles/rsyslog-templates/templates/02-templates.conf.j2
+++ b/ansible/install/roles/rsyslog-templates/templates/02-templates.conf.j2
@ -27,8 +27,6 @@ template(name="logstash-index-pattern" type="list") {
    property(name="timereported" dateFormat="rfc3339" position.from="6" position.to="7")
    constant(value=".")
    property(name="timereported" dateFormat="rfc3339" position.from="9" position.to="10")
-    constant(value=".")
-    property(name="timereported" dateFormat="rfc3339" position.from="12" position.to="13")
    }
 # this is for formatting our syslog data in JSON with @timestamp using a "hierarchical" metdata namespace
 template(name="com-redhat-rsyslog-hier"
--- a/elastic/templates/browbeat-logstash-.json
+++ b/elastic/templates/browbeat-logstash-.json
@ -1,34 +1,57 @@
 {
-    template: "browbeat-logstash-*",
-    mappings: {
-        result: {
-            properties: {
-                action: {
-                    index: "not_analyzed",
-                    type: "string"
-                },
-                browbeat_cloud_name: {
-                    index: "not_analyzed",
-                    type: "string"
-                },
-                message: {
-                    properties: {
-                        openstack-general-system-performance: {
-                            index: "not_analyzed",
-                            type: "string"
+    "template": "logstash-*",
+    "settings": {
+        "index": {
+            "number_of_shards": "5",
+            "number_of_replicas": "0",
+            "mapping": {
+                "total_fields": {
+                    "limit": "5000"
+                }
+            }
+        }
+    },
+    "mappings": {
+        "result": {
+            "properties": {
+                "CEE": {
+                    "properties": {
+                        "failed": {
+                            "index": "not_analyzed",
+                            "type": "string"
+                        },
+                        "suspended": {
+                            "index": "not_analyzed",
+                            "type": "string"
                        }
                    }
                },
-                level: {
-                    type: "string"
+                "action": {
+                    "index": "not_analyzed",
+                    "type": "string"
                },
-                hostname: {
-                    index: "not_analyzed",
-                    type: "string"
+                "browbeat_cloud_name": {
+                    "index": "not_analyzed",
+                    "type": "string"
                },
-                timestamp: {
-                    type: "date",
-                    format: "strict_date_optional_time||epoch_millis"
+                "message": {
+                    "properties": {
+                        "openstack-general-system-performance": {
+                            "index": "not_analyzed",
+                            "type": "string"
+                        }
+                    }
+                },
+                "level": {
+                    "type": "string"
+                },
+                "hostname": {
+                    "index": "not_analyzed",
+                    "type": "string"
+                },
+                "timestamp": {
+                    "type": "date",
+                    "format": "strict_date_optional_time||epoch_millis"
                }
            }
        }