ac2550a61b86e2018-10-10 13:54:08 +02001# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
# Poll three DMaaP topics (event, notification, request) with HTTP GET.
# Every ${...} reference is resolved by Logstash when the pipeline is loaded;
# nothing in this file validates the resulting URLs.
#
# NOTE(review): no user/password or client certificate is configured for these
# requests; confirm the topics need no authentication or that credentials are
# supplied some other way.
# NOTE(review): nothing in this block adds the "dmaap_source" tag that the
# filter section tests for before JSON-decoding the response body; confirm
# where that tag is set.
input {
  http_poller {
    urls => {
      event_queue => {
        method => get
        url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
        headers => { Accept => "application/json" }
        add_field => { "topic" => "${event_topic}" }
        type => "dmaap_event"
      }
      notification_queue => {
        method => get
        url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
        headers => { Accept => "application/json" }
        add_field => { "topic" => "${notification_topic}" }
        type => "dmaap_notification"
      }
      request_queue => {
        method => get
        url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
        headers => { Accept => "application/json" }
        add_field => { "topic" => "${request_topic}" }
        type => "dmaap_request"
      }
    }

    # Client-side limits, in seconds; the timeout=15000 query parameter is the
    # value handed to DMaaP (presumably milliseconds; confirm).
    socket_timeout => 30
    request_timeout => 30

    # Keep the response body as raw text; the filter section decodes it.
    codec => "plain"
    schedule => { "every" => "1m" }

    # CA certificate used to verify the DMaaP server certificate.
    # NOTE(review): this only takes effect when dmaap_base_url is an https URL;
    # confirm the deployed value.
    cacert => "/certs.d/aafca.pem"
  }
}
# Read every file matching /log-input/* and decode each line as JSON.
# Anything able to write into that directory can inject events into this
# pipeline, so its write permissions should be kept tight.
input {
  file {
    path => [ "/log-input/*" ]
    type => "dmaap_log"
    codec => "json"
  }
}
62
# Normalise DMaaP events: tag failures, unpack the JSON list, convert
# timestamps, add readable aliases and aggregation flags, and create a reduced
# clone for the control-loop index. The filters run in the order written.
filter {
  # An empty list carries no event; drop it to avoid noise.
  if [message] == "[]" {
    drop {}
  }

  # Tag failed polls and non-200 responses so the output section can route them.
  # NOTE(review): events from the file input carry no [@metadata][code], so
  # this comparison looks true for them as well; confirm dmaap_log events are
  # meant to be tagged "error".
  # NOTE(review): the code is compared with the string "200"; confirm the
  # poller stores it as a string rather than a number.
  if [http_request_failure] or [@metadata][code] != "200" {
    mutate {
      add_tag => [ "error" ]
    }
  }

  if "dmaap_source" in [tags] {
    #
    # DMaaP returns a JSON list whose items are strings, and each string is
    # itself an escaped JSON document (the event handed to DMaaP).
    #
    # The body arrives as plain text because the input cannot handle a list
    # of events. It is parsed into a list here, split into one event per
    # item, and each item is then parsed as JSON.
    #
    json {
      source => "[message]"
      target => "message"
    }

    # NOTE(review): event.get is documented with a single field argument, and
    # per the comment above the list items are strings, not events, so ev.set
    # may not exist on them; confirm this block runs without raising (a
    # failure would tag the event _rubyexception).
    ruby {
      code => "
        for ev in event.get('message', [])
          ev.set('@metadata', event.get('@metadata'))
        end
      "
    }

    split {
      field => "message"
    }

    # No target is given, so the payload's keys are merged at the event root.
    # A payload that carries its own "tags" or "type" field can therefore
    # overwrite the values the routing conditionals rely on; consider a target
    # or removing those keys if producers are not fully trusted.
    json {
      source => "message"
    }
    mutate {
      remove_field => [ "message" ]
    }
  }

  #
  # Some timestamps are expressed in milliseconds, some in microseconds.
  # Values above 9999999999999 (more than 13 digits) are divided by 1000 and
  # the result is parsed as UNIX_MS.
  # to_i(10) yields 0 for a non-numeric value, which the date filter then
  # reads as the epoch rather than reporting a parse failure.
  #
  if [closedLoopAlarmStart] {
    ruby {
      code => "
        if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
          event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
        else
          event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
        end
      "
    }
    date {
      match => [ "closedLoopAlarmStart", UNIX_MS ]
      target => "closedLoopAlarmStart"
    }
  }

  if [closedLoopAlarmEnd] {
    ruby {
      code => "
        if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
          event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
        else
          event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
        end
      "
    }
    date {
      match => [ "closedLoopAlarmEnd", UNIX_MS ]
      target => "closedLoopAlarmEnd"
    }
  }

  #
  # Notification times have the form "yyyy-MM-dd HH:mm:ss", which is ISO8601
  # except that a space replaces the "T" separator. The gsub swaps every space
  # in the field for "T" before the date filter parses it.
  #
  if [notificationTime] {
    mutate {
      gsub => [ "notificationTime", " ", "T" ]
    }
    date {
      match => [ "notificationTime", ISO8601 ]
      target => "notificationTime"
    }
  }

  #
  # Copy some AAI fields to shorter top-level names for readability. The
  # source keys contain literal dots (e.g. "generic-vnf.vnf-name").
  #
  if [AAI][generic-vnf.vnf-name] {
    mutate {
      add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
    }
  }
  if [AAI][generic-vnf.vnf-type] {
    mutate {
      add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
    }
  }
  if [AAI][vserver.vserver-name] {
    mutate {
      add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
    }
  }
  if [AAI][complex.city] {
    mutate {
      add_field => { "locationCity" => "%{[AAI][complex.city]}" }
    }
  }
  if [AAI][complex.state] {
    mutate {
      add_field => { "locationState" => "%{[AAI][complex.state]}" }
    }
  }

  #
  # Flags that make aggregation easier.
  # The ABATED test is an unanchored, case-insensitive substring match, so any
  # status that merely contains "abated" sets the flag.
  #
  if [closedLoopEventStatus] =~ /(?i)ABATED/ {
    mutate {
      add_field => { "flagAbated" => "1" }
    }
  }
  # FINAL followed later by FAILURE, each delimited by a word boundary or "_".
  if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
    mutate {
      add_field => { "flagFinalFailure" => "1" }
    }
  }

  if "error" not in [tags] {
    #
    # Create the data for a secondary index.
    #
    clone {
      clones => [ "event-cl-aggs" ]
      add_tag => [ "event-cl-aggs" ]
    }

    if "event-cl-aggs" in [tags] {
      #
      # Aggregations need only a few fields; everything not matched by one of
      # the patterns below is removed from the tagged event. requestID is
      # kept because the output section uses it as the document id.
      #
      prune {
        whitelist_names => [
          "^@.*$",
          "^topic$",
          "^type$",
          "^tags$",
          "^flagFinalFailure$",
          "^flagAbated$",
          "^locationState$",
          "^locationCity$",
          "^vmName$",
          "^vnfName$",
          "^vnfType$",
          "^requestID$",
          "^closedLoopAlarmStart$",
          "^closedLoopControlName$",
          "^closedLoopAlarmEnd$",
          "^target$",
          "^target_type$",
          "^triggerSourceName$",
          "^policyScope$",
          "^policyName$",
          "^policyVersion$"
        ]
      }
    }
  }
}
# Route each event to one of three Elasticsearch indexes according to its tags.
#
# NOTE(review): no user/password or CA settings appear on the elasticsearch
# outputs; confirm that authentication and transport security are provided by
# ${elasticsearch_base_url} or by the deployment.
# NOTE(review): in the date pattern used for the index names, DD is
# day-of-year and dd is day-of-month. Confirm the resulting names are intended
# (constructed example: 2018.10.283 rather than 2018.10.10).
output {
  # Every event, @metadata included, is also printed to stdout.
  # NOTE(review): this puts full event payloads into the process/container
  # log; confirm that log is access-controlled, or keep this output for
  # debugging only.
  stdout {
    codec => rubydebug { metadata => true }
  }

  if "error" in [tags] {
    elasticsearch {
      codec => "json"
      hosts => ["${elasticsearch_base_url}"]
      index => "errors-%{+YYYY.MM.DD}"
      doc_as_upsert => true
    }

  } else if "event-cl-aggs" in [tags] {
    # The document id comes from the message payload. When requestID is absent
    # the unresolved text "%{requestID}" becomes the id, so such events update
    # one shared document; and any producer that reuses an id updates the
    # existing document for that id in the day's index.
    elasticsearch {
      codec => "json"
      hosts => ["${elasticsearch_base_url}"]
      document_id => "%{requestID}"
      index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
      doc_as_upsert => true
      action => "update"
    }

  } else {
    elasticsearch {
      codec => "json"
      hosts => ["${elasticsearch_base_url}"]
      index => "events-%{+YYYY.MM.DD}" # creates daily indexes
      doc_as_upsert => true
    }
  }
}