Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 5686a7b4b7d72c716467827c55737cbdab12a49a / . / kubernetes / clamp / components / clamp-dash-logstash / resources / config / pipeline.conf
blob: c005fcca3edeedb999d145394648bc6154a96df2 [file] [log] [blame]
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]1# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
Mukul379e2522018-09-05 12:26:02 +0000[diff] [blame]2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]14input {
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]15 http_poller {
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]16 urls => {
17 event_queue => {
18 method => get
19 url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
20 headers => {
21 Accept => "application/json"
22 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]23 topic => "${event_topic}"
24 tags => [ "dmaap_source" ]
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]25 }
26 notification_queue => {
27 method => get
28 url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
29 headers => {
30 Accept => "application/json"
31 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]32 topic => "${notification_topic}"
33 tags => [ "dmaap_source" ]
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]34 }
35 request_queue => {
36 method => get
37 url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
38 headers => {
39 Accept => "application/json"
40 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]41 topic => "${request_topic}"
42 tags => [ "dmaap_source" ]
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]43 }
44 }
45 socket_timeout => 30
46 request_timeout => 30
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]47 schedule => { "every" => "1m" }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]48 codec => "plain"
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]49 cacert => "/certs.d/aafca.pem"
50 }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]51}
52
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]53
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]54filter {
55 # avoid noise if no entry in the list
56 if [message] == "[]" {
57 drop { }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]58 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]59
Krysiak Adam4993cae2019-04-04 09:58:27 +0200[diff] [blame]60 if [http_request_failure] or [@metadata][code] != 200 {
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]61 mutate {
Sylvain Desbureaux8c2a1622020-04-22 10:50:26 +0200[diff] [blame]62 add_tag => [ "error" ]
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]63 }
64 }
65
Krysiak Adam4993cae2019-04-04 09:58:27 +0200[diff] [blame]66 if "dmaap_source" in [@metadata][request][tags] {
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]67 #
68 # Dmaap provides a json list, whose items are Strings containing the event
69 # provided to Dmaap, which itself is an escaped json.
70 #
71 # We first need to parse the json as we have to use the plaintext as it cannot
72 # work with list of events, then split that list into multiple string events,
73 # that we then transform into json.
74 #
75 json {
76 source => "[message]"
77 target => "message"
78 }
Krysiak Adam4993cae2019-04-04 09:58:27 +0200[diff] [blame]79
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]80 split {
81 field => "message"
82 }
83 json {
84 source => "message"
85 }
86 mutate {
87 remove_field => [ "message" ]
88 }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]89 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]90
91 #
92 # Some timestamps are expressed as milliseconds, some are in microseconds
93 #
94 if [closedLoopAlarmStart] {
95 ruby {
96 code => "
97 if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
98 event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
99 else
100 event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
101 end
102 "
103 }
104 date {
105 match => [ "closedLoopAlarmStart", UNIX_MS ]
106 target => "closedLoopAlarmStart"
107 }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]108 }
109
110 if [closedLoopAlarmEnd] {
111 ruby {
osgn422w7bc14fa2018-09-06 15:33:50 +0200[diff] [blame]112 code => "
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]113 if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
114 event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
115 else
116 event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
117 end
118 "
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]119 }
120 date {
121 match => [ "closedLoopAlarmEnd", UNIX_MS ]
122 target => "closedLoopAlarmEnd"
123 }
124
125 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]126
127
128 #
129 # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which
130 # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss"
131 #
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]132 if [notificationTime] {
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]133 mutate {
134 gsub => [
135 "notificationTime", " ", "T"
136 ]
137 }
138 date {
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]139 match => [ "notificationTime", ISO8601 ]
140 target => "notificationTime"
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]141 }
142 }
143
144
145 #
146 # Renaming some fields for readability
147 #
148 if [AAI][generic-vnf.vnf-name] {
149 mutate {
150 add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
151 }
152 }
153 if [AAI][generic-vnf.vnf-type] {
154 mutate {
155 add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
156 }
157 }
158 if [AAI][vserver.vserver-name] {
159 mutate {
160 add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
161 }
162 }
163 if [AAI][complex.city] {
164 mutate {
165 add_field => { "locationCity" => "%{[AAI][complex.city]}" }
166 }
167 }
168 if [AAI][complex.state] {
169 mutate {
170 add_field => { "locationState" => "%{[AAI][complex.state]}" }
171 }
172 }
173
174
175 #
176 # Adding some flags to ease aggregation
177 #
178 if [closedLoopEventStatus] =~ /(?i)ABATED/ {
179 mutate {
180 add_field => { "flagAbated" => "1" }
181 }
182 }
183 if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
184 mutate {
185 add_field => { "flagFinalFailure" => "1" }
186 }
187 }
188
189
Krysiak Adam4993cae2019-04-04 09:58:27 +0200[diff] [blame]190 if "error" not in [@metadata][request][tags]{
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]191 #
192 # Creating data for a secondary index
193 #
194 clone {
195 clones => [ "event-cl-aggs" ]
196 add_tag => [ "event-cl-aggs" ]
197 }
Sylvain Desbureaux8c2a1622020-04-22 10:50:26 +0200[diff] [blame]198
Krysiak Adam4993cae2019-04-04 09:58:27 +0200[diff] [blame]199 if "event-cl-aggs" in [@metadata][request][tags]{
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]200 #
201 # we only need a few fields for aggregations; remove all fields from clone except :
202 # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure
203 #
204 prune {
205 whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
206 }
Sylvain Desbureaux8c2a1622020-04-22 10:50:26 +0200[diff] [blame]207
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]208 }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]209 }
210}
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]211
212
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]213output {
214 stdout {
215 codec => rubydebug
216 }
217
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]218 if "error" in [tags] {
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]219 elasticsearch {
220 codec => "json"
osgn422wb561a592020-02-11 15:50:21 +0100[diff] [blame]221 cacert => "/clamp-cert/ca-certs.pem"
222 ssl_certificate_verification => false
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]223 hosts => ["${elasticsearch_base_url}"]
osgn422w6e663e42019-08-02 11:31:11 +0200[diff] [blame]224 user => ["${logstash_user}"]
225 password => ["${logstash_pwd}"]
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]226 index => "errors-%{+YYYY.MM.DD}"
227 doc_as_upsert => true
228 }
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]229
230 } else if "event-cl-aggs" in [tags] {
231 elasticsearch {
232 codec => "json"
233 hosts => ["${elasticsearch_base_url}"]
osgn422wb561a592020-02-11 15:50:21 +0100[diff] [blame]234 cacert => "/clamp-cert/ca-certs.pem"
235 ssl_certificate_verification => false
osgn422w6e663e42019-08-02 11:31:11 +0200[diff] [blame]236 user => ["${logstash_user}"]
237 password => ["${logstash_pwd}"]
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]238 document_id => "%{requestID}"
239 index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
240 doc_as_upsert => true
241 action => "update"
242 }
243
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]244 } else {
245 elasticsearch {
246 codec => "json"
247 hosts => ["${elasticsearch_base_url}"]
osgn422wb561a592020-02-11 15:50:21 +0100[diff] [blame]248 cacert => "/clamp-cert/ca-certs.pem"
249 ssl_certificate_verification => false
osgn422w6e663e42019-08-02 11:31:11 +0200[diff] [blame]250 user => ["${logstash_user}"]
251 password => ["${logstash_pwd}"]
ac2550a0496b02018-09-20 14:57:22 +0200[diff] [blame]252 index => "events-%{+YYYY.MM.DD}" # creates daily indexes
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]253 doc_as_upsert => true
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]254 }
255 }
ac25508ac97172018-04-18 14:23:17 +0200[diff] [blame]256}