DEV-416: review collect postgres logs to elk-stack

feature/DEV-470_2nd
Sven Ketelsen 4 years ago
parent 0186de2e94
commit 72ff5db355

@ -7,43 +7,39 @@ filebeat.modules:
enabled: true enabled: true
auth: auth:
enabled: true enabled: true
{% if filebeat_postgres_enabled | default(false) %}
{% if filebeat_postgres_enabled | default(false) -%}
- module: postgresql - module: postgresql
log: log:
enabled: true enabled: true
{% endif -%} {% endif %}
{% if filebeat_maria_enabled | default(false) %}
{% if filebeat_maria_enabled | default(false) -%}
- module: mysql - module: mysql
error: error:
enabled: true enabled: true
slowlog: slowlog:
enabled: true enabled: true
{% endif -%} {% endif -%}
{% if filebeat_inputs is defined %}
filebeat.inputs: filebeat.inputs:
{% if filebeat_inputs is defined %} {% for filebeat_input in filebeat_inputs %}
{% for elem in filebeat_inputs %} - type: {{ filebeat_input.type }}
- type: {{ elem.type }}
paths: paths:
{% for path in elem.paths %} {% for path in filebeat_input.paths %}
- {{ path }} - {{ path }}
{% endfor %} {% endfor %}
{%+ if elem.fields is defined -%} {%+ if filebeat_input.fields is defined -%}
fields: fields:
{% for field in elem.fields %} {% for field in filebeat_input.fields %}
{{ field }}: {{ elem.fields[field] }} {{ field }}: {{ filebeat_input.fields[field] }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% else %}
- type: container
paths:
- /var/lib/docker/containers/*/*.log
{% endif %} {% endif %}
{% if ansible_fqdn not in groups['harbor'] %}
{% if ansible_fqdn not in groups['harbor'] -%}
filebeat.autodiscover: filebeat.autodiscover:
providers: providers:
- type: docker - type: docker
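Review bot: With the `{% else %}` fallback gone, a host that does not define `filebeat_inputs` now renders no `filebeat.inputs` section at all, so the default `/var/lib/docker/containers/*/*.log` container input is no longer collected. The rendered page does not mark old and new sides, but the hunk shrinking from 43 to 39 lines fits the fallback being the removed part. Hosts in `groups['harbor']` also skip the `filebeat.autodiscover` block that follows, so on those hosts container logs would silently stop reaching the ELK stack unless each one sets `filebeat_inputs`. If that is intended, say so above the condition, for example `{# no default input: hosts in groups['harbor'] must define filebeat_inputs to ship container logs #}`; otherwise keep the `{% else %}` branch. The autodiscover block continues past the end of the hunk.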

@ -37,11 +37,18 @@ filter {
pattern_definitions => { pattern_definitions => {
"GREEDYMULTILINE"=> "(.|\n)*" "GREEDYMULTILINE"=> "(.|\n)*"
} }
remove_field => "message" remove_field => [ "message", "[event][original]" ]
}
}
else if [event][dataset] == "postgresql.log" {
grok {
match => {
"message" => "%{DATESTAMP:timestamp} %{TZ} (\[%{DATA:group_id}\]) (\[?%{DATA:user}\]?@\[?%{DATA:database}\]? )?%{DATA:level}: %{GREEDYDATA:message_full}" }
remove_field => [ "message", "[event][original]" ]
} }
} }
mutate { mutate {
remove_field => [ "[id]", "[agent]", "[log][file][path]", "[docker][container][labels]", "[host][ip]", "[host][mac]" ] remove_field => [ "[id]", "[agent]", "[log][file][path]", "[docker][container][labels]", "[host][ip]", "[host][mac]", "[host][name]" ]
} }
} }
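Review bot: The new `postgresql.log` grok matches the timezone with a bare `%{TZ}` and then removes both `message` and `[event][original]`, so the stored `timestamp` carries no zone and the raw line is no longer there to recover it from. Capture it, e.g. `%{DATESTAMP:timestamp} %{TZ:timezone}` (the field name is only a suggestion), or keep `[event][original]` for this dataset so these events can still be ordered against other sources. The final `mutate` also adds `[host][name]` to a removal list that already drops `[host][ip]` and `[host][mac]`; unless another host field survives outside this hunk, an event can no longer be attributed to the server that produced it. The `filter` block and the conditional before `else if` start outside the hunk.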
