# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Polls three DMaaP topics (event, notification, request) over HTTP once a
# minute and emits each raw response body as one plain-text event.
#
# Base URL, topic names and consumer group/id are injected through environment
# variables, so the transport (http vs https) is decided by ${dmaap_base_url},
# not by this file.
input {
  http_poller {
    # NOTE(review): "topic" and "tags" are set inside each URL entry rather than
    # on the plugin itself. The filter stage keys its DMaaP parsing on the
    # "dmaap_source" tag, so verify that polled events really carry it.
    #
    # NOTE(review): no credentials or client-certificate options appear in these
    # requests; confirm the topics are meant to be readable without
    # authenticating the consumer.
    urls => {
      event_queue => {
        method => get
        url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
        headers => {
          Accept => "application/json"
        }
        topic => "${event_topic}"
        tags => [ "dmaap_source" ]
      }
      notification_queue => {
        method => get
        url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
        headers => {
          Accept => "application/json"
        }
        topic => "${notification_topic}"
        tags => [ "dmaap_source" ]
      }
      request_queue => {
        method => get
        url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
        headers => {
          Accept => "application/json"
        }
        topic => "${request_topic}"
        tags => [ "dmaap_source" ]
      }
    }

    # Client-side timeouts, in seconds. The URLs above also pass timeout=15000
    # to the server (presumably a long-poll wait in milliseconds - confirm).
    socket_timeout => 30
    request_timeout => 30
    schedule => { "every" => "1m" }

    # Keep the body as text; the filter stage does the JSON decoding itself.
    codec => "plain"

    # CA certificate used to verify the DMaaP server certificate. It only has an
    # effect when ${dmaap_base_url} is an https:// URL - check the deployed
    # value, otherwise the polls run in clear text.
    cacert => "/certs.d/aafca.pem"
  }
}
# Turns each polled DMaaP response into one event per message, normalises the
# time fields, copies a few A&AI attributes to short field names, adds
# aggregation flags and creates a pruned clone for the secondary index.
#
# Every field handled below originates from message payloads published on the
# polled topics, i.e. from data this pipeline does not control.
filter {
  # An empty JSON list means the poll returned no messages; drop it to avoid noise.
  if [message] == "[]" {
    drop { }
  }

  # Tag failed polls so the output stage can route them to the errors index.
  # NOTE(review): confirm the type http_poller stores in [@metadata][code]. If it
  # is a number, it would never equal the string "200" and every event would be
  # tagged "error".
  if [http_request_failure] or [@metadata][code] != "200" {
    mutate {
      add_tag => [ "error" ]
    }
  }

  if "dmaap_source" in [tags] {
    #
    # DMaaP returns a JSON list whose items are strings; each string is the
    # event that was published to DMaaP, itself serialised as (escaped) JSON.
    #
    # The body is read as plain text because the input cannot deal with a list
    # of events. It is parsed here into a list, the list is split into one
    # event per item, and each item is then parsed as JSON.
    #
    json {
      source => "[message]"
      target => "message"
    }

    # NOTE(review): after the json step the items of [message] are presumably
    # plain strings (see the comment above), which have no `set` method, and
    # event.get is called here with two arguments. Verify in a test pipeline
    # that this block does what was intended rather than raising and leaving
    # the event tagged with a ruby exception.
    ruby {
      code => "
        for ev in event.get('message', [])
          ev.set('@metadata', event.get('@metadata'))
        end
      "
    }

    split {
      field => "message"
    }
    json {
      source => "message"
    }
    mutate {
      remove_field => [ "message" ]
    }
  }

  #
  # Some timestamps are expressed in milliseconds, some in microseconds.
  # Anything above 9999999999999 (more than 13 digits) is treated as
  # microseconds and scaled down to milliseconds before the date filter runs.
  #
  # The value is coerced with to_s.to_i(10), which yields 0 for text that does
  # not start with digits, so a malformed field becomes the Unix epoch instead
  # of failing visibly.
  #
  if [closedLoopAlarmStart] {
    ruby {
      code => "
        alarm_start = event.get('closedLoopAlarmStart').to_s.to_i(10)
        alarm_start /= 1000 if alarm_start > 9999999999999
        event.set('closedLoopAlarmStart', alarm_start)
      "
    }
    date {
      match => [ "closedLoopAlarmStart", UNIX_MS ]
      target => "closedLoopAlarmStart"
    }
  }

  if [closedLoopAlarmEnd] {
    ruby {
      code => "
        alarm_end = event.get('closedLoopAlarmEnd').to_s.to_i(10)
        alarm_end /= 1000 if alarm_end > 9999999999999
        event.set('closedLoopAlarmEnd', alarm_end)
      "
    }
    date {
      match => [ "closedLoopAlarmEnd", UNIX_MS ]
      target => "closedLoopAlarmEnd"
    }
  }

  #
  # Notification times have the form "yyyy-MM-dd HH:mm:ss", which is close to
  # ISO8601 but lacks the "T" separator ("yyyy-MM-ddTHH:mm:ss"). Spaces are
  # replaced with "T" so the ISO8601 matcher accepts the value.
  #
  if [notificationTime] {
    mutate {
      gsub => [
        "notificationTime", " ", "T"
      ]
    }
    date {
      match => [ "notificationTime", ISO8601 ]
      target => "notificationTime"
    }
  }

  #
  # Copy some A&AI attributes to shorter field names for readability.
  # The original [AAI] entries are kept; add_field only adds the new name.
  #
  if [AAI][generic-vnf.vnf-name] {
    mutate {
      add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
    }
  }
  if [AAI][generic-vnf.vnf-type] {
    mutate {
      add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
    }
  }
  if [AAI][vserver.vserver-name] {
    mutate {
      add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
    }
  }
  if [AAI][complex.city] {
    mutate {
      add_field => { "locationCity" => "%{[AAI][complex.city]}" }
    }
  }
  if [AAI][complex.state] {
    mutate {
      add_field => { "locationState" => "%{[AAI][complex.state]}" }
    }
  }

  #
  # Flags that make aggregation easier. Both are stored as the string "1".
  #
  if [closedLoopEventStatus] =~ /(?i)ABATED/ {
    mutate {
      add_field => { "flagAbated" => "1" }
    }
  }
  if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
    mutate {
      add_field => { "flagFinalFailure" => "1" }
    }
  }

  if "error" not in [tags] {
    #
    # Create the data for a secondary index: a copy of the event tagged
    # "event-cl-aggs". The check below is presumably true for the copy only;
    # confirm that the original event does not receive the tag as well.
    #
    clone {
      clones => [ "event-cl-aggs" ]
      add_tag => [ "event-cl-aggs" ]
    }

    if "event-cl-aggs" in [tags] {
      #
      # Only a few fields are needed for aggregations. Everything whose name
      # does not match one of the patterns below is removed from the copy;
      # "^@.*$" keeps the @-prefixed fields.
      #
      prune {
        whitelist_names => [
          "^@.*$", "^topic$", "^type$", "^tags$",
          "^flagFinalFailure$", "^flagAbated$",
          "^locationState$", "^locationCity$",
          "^vmName$", "^vnfName$", "^vnfType$",
          "^requestID$",
          "^closedLoopAlarmStart$", "^closedLoopControlName$", "^closedLoopAlarmEnd$",
          "^target$", "^target_type$", "^triggerSourceName$",
          "^policyScope$", "^policyName$", "^policyVersion$"
        ]
      }
    }
  }
}
# Routes events to Elasticsearch by tag: failed polls to "errors-*", the pruned
# aggregation copies to "events-cl-*" (upserted by requestID), everything else
# to "events-*".
#
# NOTE(review): none of the elasticsearch outputs sets credentials or TLS
# options; authentication and transport security depend entirely on what
# ${elasticsearch_base_url} points to. Confirm that this matches the cluster's
# access policy.
#
# NOTE(review): the index date pattern uses "DD". In Joda-style patterns "DD"
# is day-of-year and "dd" is day-of-month, so names would come out like
# "events-2018.09.263" (constructed example). Indices are still daily; the
# pattern is left unchanged because fixing it renames the indices.
output {
  # Prints every event in full to stdout. Event payloads therefore end up in
  # the process/container log stream; consider limiting this to debugging.
  stdout {
    codec => rubydebug
  }

  if "error" in [tags] {
    elasticsearch {
      hosts => ["${elasticsearch_base_url}"]
      index => "errors-%{+YYYY.MM.DD}"
      codec => "json"
      doc_as_upsert => true
    }

  } else if "event-cl-aggs" in [tags] {
    # One aggregate document per requestID, updated in place (created on first
    # sight through doc_as_upsert).
    # requestID comes from the message payload: an event without it is written
    # under the literal id "%{requestID}", and any producer on the polled topics
    # can choose which aggregate document its event updates.
    elasticsearch {
      hosts => ["${elasticsearch_base_url}"]
      index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
      document_id => "%{requestID}"
      action => "update"
      doc_as_upsert => true
      codec => "json"
    }

  } else {
    elasticsearch {
      hosts => ["${elasticsearch_base_url}"]
      index => "events-%{+YYYY.MM.DD}" # creates daily indexes
      codec => "json"
      doc_as_upsert => true
    }
  }
}