Friday, September 9, 2016

dynamic log error discovery using logstash and statsd

Logstash configuration using the statsd output plugin.
This took a while to put together and to get the syntax tuned up.
You probably don't need the curly braces on the match statements, but they make this config backwards compatible with Logstash < 1.5.

For your reference, the routing key will look like:
 "statsd.logstash.`hostname`.appperf.abc.errors.appmodules.ModuleNameFromLog.count"
 "statsd.logstash.`hostname`.appperf.abc.errors.appmodules.ModuleNameFromLog.rate"


## /etc/logstash/conf.d/19-abclog2statsd.conf 

input {
  file {
    path => "/opt/abcapp/tomcat/logs/ABC.log"
  }

}

filter {
  grok {
    # Two patterns: the log has either two spaces or one space after ERROR.
    match => { "message" => [
      "%{DATE:date} %{TIME:time} ERROR  %{WORD:unknown_module}%{GREEDYDATA:message}",
      "%{DATE:date} %{TIME:time} ERROR %{WORD:unknown_module}%{GREEDYDATA:message}"
    ] }
  }

}

output {
  if [unknown_module] =~ /.+/ {
    statsd {
      host => "10.101.25.137"
      # Key matches the routing key shown above (appperf.abc...); one counter per module name.
      count => {
        "appperf.abc.errors.appmodules.%{unknown_module}" => "1"
      }
    }
  }
}
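
To check which log lines become which counters before deploying the config, here is an added Python sketch (not part of the original post) that mimics the two grok patterns and builds the statsd counter datagram. Assumptions: the DATE and TIME regexes are simplified stand-ins for the grok patterns, the `logstash.<host>` prefix is taken from the routing key above with the leading `statsd.` and trailing `.count`/`.rate` added by the statsd server, and the `max_modules` cap with its `_overflow` key is a hypothetical guard that the config itself does not have.

```python
import re

# Simplified stand-in for the two grok patterns (assumption: DATE and TIME are
# approximated; " {1,2}" covers the one-space and two-space variants).
LINE_RE = re.compile(
    r"(?P<date>\d{1,2}[./-]\d{1,2}[./-]\d{2,4}) "
    r"(?P<time>\d{1,2}:\d{2}:\d{2}(?:[.,]\d+)?) "
    r"ERROR {1,2}(?P<unknown_module>\w+)(?P<rest>.*)"
)
KEY_PREFIX = "appperf.abc.errors.appmodules"  # as in the routing key above


class ErrorCounter:
    """Turns ERROR lines into statsd counter datagrams, one key per module."""

    def __init__(self, host, max_modules=100):
        self.host = host
        self.max_modules = max_modules  # cap is an addition, not in the config
        self.seen = set()

    def datagram(self, line):
        m = LINE_RE.search(line)
        if m is None:
            return None  # same effect as the conditional in the output block
        module = m.group("unknown_module")
        if module not in self.seen:
            if len(self.seen) >= self.max_modules:
                module = "_overflow"  # hypothetical catch-all key
            else:
                self.seen.add(module)
        # statsd counter wire format: <key>:<value>|c
        return f"logstash.{self.host}.{KEY_PREFIX}.{module}:1|c"


# Constructed sample lines, not taken from a real ABC.log
SAMPLE = [
    "09/09/2016 10:15:01 ERROR  PaymentModule failed to commit",
    "09/09/2016 10:15:02 ERROR PaymentModule timeout",
    "09/09/2016 10:15:03 INFO  Startup complete",
    "09/09/2016 10:15:04 ERROR Could not open file",  # free text becomes a "module"
]

if __name__ == "__main__":
    counter = ErrorCounter("app01")
    for line in SAMPLE:
        print(counter.datagram(line))
```

The last sample line shows that whatever word follows ERROR becomes a metric name, so free-text error messages create new counters just as real module names do.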


