constellation/debugd/logstash/templates/pipeline.conf

input {
    beats {
        host => "0.0.0.0"
        port => {{ .Port }}
    }
}

filter {
    mutate {
        # Remove some fields that are not needed.
        remove_field => [
            "[agent]",
            "[journald]",
            "[syslog]",
            "[systemd][invocation_id]",
            "[event][original]",
            "[log][offset]",
            "[log][syslog]"
        ]

        # Tag with the provided metadata.
        add_field => {
            {{ range $key, $value := .InfoMap }}
            "[metadata][{{ $key }}]" => "{{ $value }}"
            {{ end }}
        }
    }

    # Parse structured logs for following systemd units.
    if [systemd][unit] in ["bootstrapper.service", "constellation-bootstrapper.service"] {
        # skip_on_invalid_json below does not skip the whole filter, so let's use a cheap workaround here.
        # See:
        # https://discuss.elastic.co/t/skip-on-invalid-json-skipping-all-filters/215195
        # https://discuss.elastic.co/t/looking-for-a-way-to-detect-json/102263
        if [message] =~ "\A\{.+\}\z" {
            json {
                source => "message"
                target => "logs"
                skip_on_invalid_json => true
            }
            mutate {
                replace => {
                    "message" => "%{[logs][msg]}"
                }
                remove_field => [
                    "[logs][msg]",
                    "[logs][ts]"
                ]
            }
            de_dot {
                fields => ["[logs][peer.address]"]
            }
        }
    }
}

output {
    opensearch {
        hosts => "{{ .Host }}"
        index => "systemd-logs-%{+YYYY.MM.dd}"
        user => "{{ .Credentials.Username }}"
        password => "{{ .Credentials.Password }}"
        ssl => true
        ssl_certificate_verification => true
    }
}
ci: logcollection to OpenSearch in non-debug clusters (#2080) * refactor `debugd` file structure * create `hack`-tool to deploy logcollection to non-debug clusters * integrate changes into CI * update fields * update workflow input names * use `working-directory` * add opensearch creds to upgrade workflow * make template func generic * make templating func generic * linebreaks * remove magic defaults * move `os.Exit` to main package * make logging index configurable * make templating generic * remove excess brace * update fields * copy fields * fix flag name * fix linter warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * remove unused workflow inputs * remove makefiles * fix command * bazel: fix output paths of container This fixes the output paths of builds within the container by mounting directories to paths that exist on the host. We also explicitly set the output path in a .bazelrc to the user specific path. The rc file is mounted into the container and overrides the host rc. Also adding automatic stop in case start is called and a containers is already running. Sym links like bazel-out and paths bazel outputs should generally work with this change. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * tabs -> spaces --------- Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-08-21 02:01:33 -04:00			`input {`
			`beats {`
			`host => "0.0.0.0"`
			`port => {{ .Port }}`
			`}`
			`}`

			`filter {`
			`mutate {`
			`# Remove some fields that are not needed.`
			`remove_field => [`
			`"[agent]",`
			`"[journald]",`
			`"[syslog]",`
			`"[systemd][invocation_id]",`
			`"[event][original]",`
			`"[log][offset]",`
			`"[log][syslog]"`
			`]`

			`# Tag with the provided metadata.`
			`add_field => {`
			`{{ range $key, $value := .InfoMap }}`
			`"[metadata][{{ $key }}]" => "{{ $value }}"`
			`{{ end }}`
			`}`
			`}`

			`# Parse structured logs for following systemd units.`
			`if [systemd][unit] in ["bootstrapper.service", "constellation-bootstrapper.service"] {`
			`# skip_on_invalid_json below does not skip the whole filter, so let's use a cheap workaround here.`
			`# See:`
			`# https://discuss.elastic.co/t/skip-on-invalid-json-skipping-all-filters/215195`
			`# https://discuss.elastic.co/t/looking-for-a-way-to-detect-json/102263`
			`if [message] =~ "\A\{.+\}\z" {`
			`json {`
			`source => "message"`
			`target => "logs"`
			`skip_on_invalid_json => true`
			`}`
			`mutate {`
			`replace => {`
			`"message" => "%{[logs][msg]}"`
			`}`
			`remove_field => [`
			`"[logs][msg]",`
			`"[logs][ts]"`
			`]`
			`}`
			`de_dot {`
			`fields => ["[logs][peer.address]"]`
			`}`
			`}`
			`}`
			`}`

			`output {`
			`opensearch {`
			`hosts => "{{ .Host }}"`
			`index => "systemd-logs-%{+YYYY.MM.dd}"`
			`user => "{{ .Credentials.Username }}"`
			`password => "{{ .Credentials.Password }}"`
			`ssl => true`
			`ssl_certificate_verification => true`
			`}`
			`}`