From 4c3b94c55b198bff0afc9593cf3f45bd3af5d9a9 Mon Sep 17 00:00:00 2001
From: Dmitriy Miroshnik
Date: Fri, 26 Nov 2021 14:39:15 +0300
Subject: [PATCH] issue #149: add some config templates
---
CONFIGS.md | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 2 +
2 files changed, 170 insertions(+)
create mode 100644 CONFIGS.md
diff --git a/CONFIGS.md b/CONFIGS.md
new file mode 100644
index 0000000..c5e361e
--- /dev/null
+++ b/CONFIGS.md
@@ -0,0 +1,168 @@
+
+# Template configs
+
+You can add this templates under `filebeat.autodiscover.providers.templates`. Just add this templates to you `sak-ekf` module config and add needed label with value on pod/deployment (kubernetes.labels.logtype). Most of templates are multiline. [More info](https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html)
+
+## Nginx
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "nginx"
+ },
+ "config" = [
+ {
+ "module" = "nginx",
+ "access" = {
+ "enabled" = true,
+ "var.paths" = [
+ "/var/log/nginx/access.log*"
+ ]
+ },
+ "error" = {
+ "enabled" = true,
+ "var.paths" = [
+ "/var/log/nginx/error.log*"
+ ]
+ }
+ }
+ ]
+}
+```
+
+## Kafka
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "kafka"
+ },
+ "config" = [
+ {
+ "module" = "kafka",
+ "logs" = {
+ "enabled" = true,
+ "var.paths" = [
+ "/var/log/kafka/*.log*"
+ ]
+ }
+ }
+ ]
+}
+```
+
+## Java
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "java"
+ },
+ "config" = [
+ {
+ "type" = "container",
+ "paths" = [
+ "/var/log/containers/*-$${data.kubernetes.container.id}.log"
+ ],
+ "exclude_lines" = [
+ "^\\s+[\\-`('.|_]"
+ ],
+ "multiline.type" = "pattern",
+ "multiline.pattern" = "^[[:space:]]",
+ "multiline.negate" = false,
+ "multiline.match" = "after"
+ }
+ ]
+
+}
+```
+
+## Multiline logs with timestamp
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "multiline_timestamp"
+ },
+ "config" = [
+ {
+ "type" = "container",
+ "paths" = [
+ "/var/log/containers/*-$${data.kubernetes.container.id}.log"
+ ],
+ "exclude_lines" = [
+ "^\\s+[\\-`('.|_]"
+ ],
+ "multiline.pattern" = "^\\[[0-9]{4}-[0-9]{2}-[0-9]{2}"
+ "multiline.negate" = "true"
+ "multiline.match" = "after"
+ }
+ ]
+}
+```
+
+## Warning logs
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "warning"
+ },
+ "config" = [
+ {
+ "type" = "container",
+ "paths" = [
+ "/var/log/containers/*-$${data.kubernetes.container.id}.log"
+ ],
+ "exclude_lines" = [
+ "^\\s+[\\-`('.|_]"
+ ],
+ "multiline.pattern" = "^WARN"
+ "multiline.negate" = "true"
+ "multiline.match" = "after"
+ }
+ ]
+}
+```
+
+## Error logs
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "error"
+ },
+ "config" = [
+ {
+ "type" = "container",
+ "paths" = [
+ "/var/log/containers/*-$${data.kubernetes.container.id}.log"
+ ],
+ "exclude_lines" = [
+ "^\\s+[\\-`('.|_]"
+ ],
+ "multiline.pattern" = "^ERR"
+ "multiline.negate" = "true"
+ "multiline.match" = "after"
+ }
+ ]
+}
+```
+
+## Debug logs
+
+```
+{
+ "condition.equals" = {
+ "kubernetes.labels.logtype" = "debug"
+ },
+ "config" = [
+ {
+ "type" = "container",
+ "paths" = [
+ "/var/log/containers/*-$${data.kubernetes.container.id}.log"
+ ],
+ "exclude_lines" = [
+ "^\\s+[\\-`('.|_]"
+ ],
+ "multiline.pattern" = "(?>DEBUG|DBG)"
+ "multiline.negate" = "true"
+ "multiline.match" = "after"
+ }
+ ]
+}
+```
diff --git a/README.md b/README.md
index a85ed6d..b917e6a 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,8 @@ First, you need to create a Google OAuth Client: * Click Create * Copy the Client ID and Client Secret from the ‘OAuth Client’ modal +## Config templates. +Visit our [Config templates](./CONFIGS.md) and find some usable config templates. ## Example how add with module ```