@danypr92
Last active September 7, 2018 09:50
Logstash filter to map the Tryton log

Logstash filter for the Tryton log

We need a filter that maps the Tryton log into fields so it can be monitored from ELK.

Tryton log pattern:

format = %(process)d - [%(asctime)s] %(levelname)s:%(name)s:%(message)s
datefmt = %a %b %d %H:%M:%S %Y

Tryton log example:

2263 - [Fri Sep 07 08:20:45 2018] INFO:trytond.protocols.dispatcher:model.eticom.contract.read(*([1600, 1589, 1597, 1598, 1599], ['partner', 'mobile_internet', 'service', 'notes', 'otrs_ticket_number', 'state', 'mobile_option', 'mobile_min', 'party', 'internet_contract', 'otrs_ticket_id', 'partner.rec_name', 'party.rec_name', 'rec_name', '_timestamp'], {'date_format': '%d/%m/%Y', 'language': 'ca_ES', 'employee.rec_name': 'Palomar Rodriguez, Daniel', 'locale': {'date': '%d/%m/%Y', 'thousands_sep': ' ', 'decimal_point': ',', 'grouping': [3, 3, 0]}, 'language_direction': 'ltr', 'company.rec_name': 'Nom empresa / cognoms', 'groups': [18, 1, 17, 16, 28, 15, 6, 8, 19, 3, 4, 5, 25, 32, 9, 2, 21, 11, 29, 7, 20, 26, 33, 34, 22, 27, 31, 23, 24, 10, 14], 'employee': 12, 'company': 1}), **{}) from 34@::ffff:10.0.3.1:54246/tryton

Grok pattern:

\A%{POSINT:pid} - \[%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}\] %{LOGLEVEL}:%{WORD}\.%{WORD}\.%{WORD}:%{GREEDYDATA:message}

Result:

{
  "pid": [
    [
      "2263"
    ]
  ],
  "DAY": [
    [
      "Fri"
    ]
  ],
  "MONTH": [
    [
      "Sep"
    ]
  ],
  "MONTHDAY": [
    [
      "07"
    ]
  ],
  "TIME": [
    [
      "08:20:45"
    ]
  ],
  "HOUR": [
    [
      "08"
    ]
  ],
  "MINUTE": [
    [
      "20"
    ]
  ],
  "SECOND": [
    [
      "45"
    ]
  ],
  "YEAR": [
    [
      "2018"
    ]
  ],
  "LOGLEVEL": [
    [
      "INFO"
    ]
  ],
  "WORD": [
    [
      "trytond",
      "protocols",
      "dispatcher"
    ]
  ],
  "message": [
    [
      "model.eticom.contract.read(*([1600, 1589, 1597, 1598, 1599], ['partner', 'mobile_internet', 'service', 'notes', 'otrs_ticket_number', 'state', 'mobile_option', 'mobile_min', 'party', 'internet_contract', 'otrs_ticket_id', 'partner.rec_name', 'party.rec_name', 'rec_name', '_timestamp'], {'date_format': '%d/%m/%Y', 'language': 'ca_ES', 'employee.rec_name': 'Palomar Rodriguez, Daniel', 'locale': {'date': '%d/%m/%Y', 'thousands_sep': ' ', 'decimal_point': ',', 'grouping': [3, 3, 0]}, 'language_direction': 'ltr', 'company.rec_name': 'Nom empresa / cognoms', 'groups': [18, 1, 17, 16, 28, 15, 6, 8, 19, 3, 4, 5, 25, 32, 9, 2, 21, 11, 29, 7, 20, 26, 33, 34, 22, 27, 31, 23, 24, 10, 14], 'employee': 12, 'company': 1}), **{}) from 34@::ffff:10.0.3.1:54246/tryton"
    ]
  ]
}
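The grok pattern above only splits the line into fields; it does not convert the timestamp, and it fixes the logger name at exactly three dotted components. The following Python example (added here, not part of the gist) parses the same format with a regex equivalent of the pattern, converts the timestamp with the `datefmt` from the page, and goes one step further than the gist: it accepts logger names of any depth and pulls the user id, client address, port and protocol out of the `from 34@::ffff:10.0.3.1:54246/tryton` suffix that trytond's dispatcher appends, which is the part a defender wants as separate fields for per-user and per-source alerting. The sample lines are constructed for this example (the first is a shortened form of the page's example; the second logger name and message are made up).

```python
import re
from collections import Counter
from datetime import datetime

# Regex equivalent of the gist's grok pattern. Unlike the gist, the logger
# name may have any number of dotted components (trytond.ir.rule, ...).
TRYTON_LINE = re.compile(
    r"\A(?P<pid>\d+) - "
    r"\[(?P<timestamp>[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4})\] "
    r"(?P<level>[A-Z]+):(?P<logger>[\w.]+):(?P<message>.*)\Z",
    re.DOTALL,
)

# Trailing client descriptor written by trytond's dispatcher:
# "<user id>@<address>:<port>/<protocol>". IPv4 clients show up as
# IPv4-mapped IPv6 addresses (::ffff:a.b.c.d), so the address is matched
# greedily up to the last ':' before the port.
DISPATCHER_SUFFIX = re.compile(
    r" from (?P<user_id>\d+)@(?P<client>.+):(?P<port>\d+)/(?P<protocol>\w+)\Z"
)

DATEFMT = "%a %b %d %H:%M:%S %Y"  # Tryton's datefmt from the page

# Constructed sample input: line 1 is a shortened version of the page's
# example; line 2 uses a made-up logger name and message; line 3 is noise.
SAMPLE_LINES = [
    "2263 - [Fri Sep 07 08:20:45 2018] INFO:trytond.protocols.dispatcher:"
    "model.eticom.contract.read(*([1600, 1589], ['partner', 'state'], "
    "{'language': 'ca_ES'}), **{}) from 34@::ffff:10.0.3.1:54246/tryton",
    "2263 - [Fri Sep 07 08:21:02 2018] WARNING:trytond.server:"
    "example warning without a client suffix",
    "this line does not follow the Tryton format",
]


def parse_tryton_line(line):
    """Return a dict of fields for one Tryton log line, or None if it
    does not match the format."""
    m = TRYTON_LINE.match(line.rstrip("\n"))
    if not m:
        return None
    event = m.groupdict()
    event["pid"] = int(event["pid"])
    event["timestamp"] = datetime.strptime(event["timestamp"], DATEFMT)

    # Split the dispatcher's "from user@addr:port/proto" suffix, when present.
    suffix = DISPATCHER_SUFFIX.search(event["message"])
    if suffix:
        client = suffix["client"]
        if client.startswith("::ffff:"):  # unmap IPv4-mapped IPv6
            client = client[len("::ffff:"):]
        event["user_id"] = int(suffix["user_id"])
        event["client_ip"] = client
        event["client_port"] = int(suffix["port"])
        event["protocol"] = suffix["protocol"]
        # Keep the RPC call itself as the message body.
        event["message"] = event["message"][: suffix.start()]
    return event


def calls_by_client(lines):
    """Count dispatcher RPC calls per (user_id, client_ip); lines without a
    client suffix or not in the Tryton format are skipped."""
    counts = Counter()
    for line in lines:
        event = parse_tryton_line(line)
        if event and "client_ip" in event:
            counts[(event["user_id"], event["client_ip"])] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_tryton_line(line))
    print(calls_by_client(SAMPLE_LINES))
```

In a Logstash pipeline the same timestamp conversion is done by the `date` filter rather than in grok; the regex and suffix split above are the pieces to port into the grok pattern if you want `user_id` and `client_ip` as their own fields in Elasticsearch.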