mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
f4b2d02194
* add Metricbeat deployment to debugd Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * set metricbeat debugd image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix k8s deployment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use 2 separate deployments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only deploy via k8s in non-debug-images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing tilde * remove k8s metrics Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unify flag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: fix debugd logcollection (#2355) * add missing keyvault access role Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump logstash image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump filebeat / metricbeat image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * log used image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use debugging image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase wait timeout for image upload * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix template locations in container Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image version typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add filebeat / metricbeat users Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove user additions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update workflow step name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only mount config files Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * document potential rc Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix IAM permissions in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix AWS permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing workflow input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * rename action Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pin image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary workflow inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add refStream input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove inputs.yml dep Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase system metric period Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linkchecker Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
67 lines
1.8 KiB
Plaintext
67 lines
1.8 KiB
Plaintext
input {
|
|
beats {
|
|
host => "0.0.0.0"
|
|
port => {{ .Port }}
|
|
}
|
|
}
|
|
|
|
filter {
|
|
mutate {
|
|
# Remove some fields that are not needed.
|
|
remove_field => [
|
|
"[agent]",
|
|
"[journald]",
|
|
"[syslog]",
|
|
"[systemd][invocation_id]",
|
|
"[event][original]",
|
|
"[log][offset]",
|
|
"[log][syslog]"
|
|
]
|
|
|
|
# Tag with the provided metadata.
|
|
add_field => {
|
|
{{ range $key, $value := .InfoMap }}
|
|
"[metadata][{{ $key }}]" => "{{ $value }}"
|
|
{{ end }}
|
|
}
|
|
}
|
|
|
|
# Parse structured logs for following systemd units.
|
|
if [systemd][unit] in ["bootstrapper.service", "constellation-bootstrapper.service"] {
|
|
# skip_on_invalid_json below does not skip the whole filter, so let's use a cheap workaround here.
|
|
# See:
|
|
# https://discuss.elastic.co/t/skip-on-invalid-json-skipping-all-filters/215195
|
|
# https://discuss.elastic.co/t/looking-for-a-way-to-detect-json/102263
|
|
if [message] =~ "\A\{.+\}\z" {
|
|
json {
|
|
source => "message"
|
|
target => "logs"
|
|
skip_on_invalid_json => true
|
|
}
|
|
mutate {
|
|
replace => {
|
|
"message" => "%{[logs][msg]}"
|
|
}
|
|
remove_field => [
|
|
"[logs][msg]",
|
|
"[logs][ts]"
|
|
]
|
|
}
|
|
de_dot {
|
|
fields => ["[logs][peer.address]"]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
output {
|
|
opensearch {
|
|
hosts => "{{ .Host }}"
|
|
index => "{{ .IndexPrefix }}-%{+YYYY.MM.dd}"
|
|
user => "{{ .Credentials.Username }}"
|
|
password => "{{ .Credentials.Password }}"
|
|
ssl => true
|
|
ssl_certificate_verification => true
|
|
}
|
|
}
|