Skip to main content

How to analyse nova logs via logstash

In Elasticsearch family, there is a three that collects, analyses and plots logs, which I found quite beneficial. The three is  Logstash + Elasticsearch + Kibana.

Logstash collects logs with various formats and parses them by using a given recipe. then parsed logs are stored into elasticsearch or another selected back-end. After all, using indexes in elasticsearch, Kibana will let you analyse logs in various ways with great visuality.

In this post, I will quickly show how to work on openstack-nova logs on an already set up environment.

First let's forward nova logs to where logstash is listening. To do it, we will use logstash-forwarder which will run on where logs are located. Its job is very simple: going to log files and forward each line in it. Your /etc/logstash-forwarder should look like this:


{
  "network": {
    "servers": [ "10.10.10.10:5000" ],
    "timeout": 15,
    "ssl ca": "part/to/crt"
  },

  "files": [
    {
      "paths": [
         "/var/log/nova/nova-*.log"
       ],
      "fields": { "type": "nova" }
    }
   ]
}
In network object, do necessary changes as basic configuration of logstah-forwarder. In files array, paths of logs files to be forwarded are defined with a specific type. In our case, it is nova.

In logstash side, which listens and indexes logs, you need to specify how Logstash will parse logs. For this one, we will edit filter part. In order to build my environment, I have followed this guide. In this one, the filter part is defined in /etc/logstash/conf.d/10-syslog.conf. We will simply edit this one.


filter{
  if [type] == "nova" {

    grok {
      match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} %{NUMBER:pid} %{LOGLEVEL:loglevel} %{NOVA_MODULE:nova_module} (?:%{DATA})"}
    }
    date {
      match => [ "timestamp", "yyyy-MM-dd HH:mm:ss.SSS" ]
    }
    if "_grokparsefailure" in [tags] {
      drop { }
    }

  }
}
For filtering ,we have three parts: grok, date, and failure part. Grok parses the gathered logs. With the grok format above, we are indexing timestamp, process id, log level and nova module. Optionally, you can increase number of indexes here such as request_id may be split, by editing match filter in grok. Date is a format of how timestamp will be saved. The last part functions to ignore logs which don't suite to our match case.

Finally, in your Kibana dashboard, by doing some configuration, you can get good-looking representation of nova logs. Here is a table populated by nova logs:


Labels:

Comments

Post a Comment

Popular posts from this blog

Integration of MuPDF Project as a Library into an Android Studio Project

I have needed to use MuPDF library in my android project. After some research, I have seen that there are many integration tutorials but, but integrated projects are developed on Eclipse. For projects on AndroidStudio+Gradle, there is no example. I mean there is no specific example which exactly refers to this issue. So, after achieving my goal, I want to share the steps publicly so that it can be reused by others.
27 comments
Read more

Migration from Proxmox to Openstack

I needed to migrate virtual machines in proxmox to openstack. VMs are in raw format. I needed to take some actions for a succesfull migration. I have perform all actions on Ubuntu 12.04 with virt-manager. qemu-kvm is installed. Here is the list of actions that I took: First, close the machine and copy the image file into your Ubuntu. Convert raw image to qcow2 format: qemu-img convert -O qcow2 image1.raw image1.qcow2 You need the image in qcow2 format for compatibility with openstack platform.  Open the converted image in virt-manager. Before opening, edit disk options. Under ' advanced options ' section, select ' qcow2 ' as ' storage forma t '. Start the virtual machine. You should see the login screen soon. (If you don't set storage format, vm will not find a bootable device. )   If everything is ok so far, close the vm. Take qcow2 image and upload it into glance. It may take time depending on size of it. After this process is completed, open a...
Post a Comment
Read more

How to avoid API-level warning of Android Studio

Before giving the solution, let's start with a scenario. setSelectionFromTop() is a new method in Android Lollipop API. This method is basically beneficial to precisely keep scroll state of a ListView. By keeping that info, a developer can go back to old scroll state after doing some operation like data set change. You are aware of API level and you do your control before you call this function: if (currentapiVersion >= Build.VERSION_CODES.LOLLIPOP) { srlistview.setSelectionFromTop(index, top); } But if project minSdk is set to a lower level (in this case it is 15), this warning will still be displayed in Android Studio:
3 comments
Read more