kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf

   1 # Copyright (c) 2018 AT&T Intellectual Property.  All rights reserved.
   2 #
   3 # Licensed under the Apache License, Version 2.0 (the "License");
   4 # you may not use this file except in compliance with the License.
   5 # You may obtain a copy of the License at
   6 #
   7 #       http://www.apache.org/licenses/LICENSE-2.0
   8 #
   9 # Unless required by applicable law or agreed to in writing, software
  10 # distributed under the License is distributed on an "AS IS" BASIS,
  11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 # See the License for the specific language governing permissions and
  13 # limitations under the License.
  14 input {
  15     http_poller {
  16         urls => {
  17             event_queue => {
  18                 method => get
  19                 url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
  20                 headers => {
  21                     Accept => "application/json"
  22                 }
  23                 topic => "${event_topic}"
  24                 tags => [ "dmaap_source" ]
  25             }
  26             notification_queue => {
  27                 method => get
  28                 url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
  29                 headers => {
  30                     Accept => "application/json"
  31                 }
  32                 topic => "${notification_topic}"
  33                 tags => [ "dmaap_source" ]
  34             }
  35             request_queue => {
  36                 method => get
  37                 url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
  38                 headers => {
  39                     Accept => "application/json"
  40                 }
  41                 topic => "${request_topic}"
  42                 tags => [ "dmaap_source" ]
  43             }
  44         }
  45         socket_timeout => 30
  46         request_timeout => 30
  47         schedule => { "every" => "1m" }
  48         codec => "plain"
  49         cacert => "/certs.d/aafca.pem"
  50     }
  51 }
  52
  53
  54 filter {
  55     # avoid noise if no entry in the list
  56     if [message] == "[]" {
  57         drop { }
  58     }
  59
  60     if [http_request_failure] or [@metadata][code] != 200 {
  61        mutate {
  62            add_tag => [ "error" ]
  63        }
  64     }
  65
  66     if "dmaap_source" in [@metadata][request][tags] {
  67         #
  68         # Dmaap provides a json list, whose items are Strings containing the event
  69         # provided to Dmaap, which itself is an escaped json.
  70         #
  71         # We first need to parse the json as we have to use the plaintext as it cannot
  72         # work with list of events, then split that list into multiple string events,
  73         # that we then transform into json.
  74         #
  75         json {
  76             source => "[message]"
  77             target => "message"
  78         }
  79 #        ruby {
  80 #            code => '
  81 #            require "json"
  82 #            puts "\n======================================= MESSAGE"
  83 #            print event.get("message")
  84 #            puts "\n======================================= METADATA"
  85 #            print event.get("@metadata")
  86 #            puts ""
  87 #
  88 #
  89 #            for ev in event.get("message")
  90 #                puts "\n======================================= PARSED JSON EV"
  91 #                print JSON.parse(ev)
  92 #                puts "\n======================================= JSON EV"
  93 #                print JSON.parse(ev).get("@metadata")
  94 #                puts ""
  95 #                ev.set("[@metadata]", event.get("@metadata"))
  96 #            end
  97 #            '
  98  #       }
  99
 100         split {
 101             field => "message"
 102         }
 103         json {
 104             source => "message"
 105         }
 106         mutate {
 107             remove_field => [ "message" ]
 108         }
 109     }
 110
 111     #
 112     # Some timestamps are expressed as milliseconds, some are in microseconds
 113     #
 114     if [closedLoopAlarmStart] {
 115         ruby {
 116             code => "
 117             if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
 118               event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
 119             else
 120               event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
 121             end
 122             "
 123         }
 124         date {
 125             match => [ "closedLoopAlarmStart", UNIX_MS ]
 126             target => "closedLoopAlarmStart"
 127         }
 128     }
 129
 130     if [closedLoopAlarmEnd] {
 131         ruby {
 132             code => "
 133             if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
 134               event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
 135             else
 136               event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
 137             end
 138             "
 139         }
 140         date {
 141             match => [ "closedLoopAlarmEnd", UNIX_MS ]
 142             target => "closedLoopAlarmEnd"
 143         }
 144
 145     }
 146
 147
 148     #
 149     # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which
 150     # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss"
 151     #
 152     if [notificationTime] {
 153         mutate {
 154             gsub => [
 155                 "notificationTime", " ", "T"
 156                 ]
 157         }
 158         date {
 159             match => [ "notificationTime", ISO8601 ]
 160             target => "notificationTime"
 161         }
 162     }
 163
 164
 165     #
 166     # Renaming some fields for readability
 167     #
 168         if [AAI][generic-vnf.vnf-name] {
 169             mutate {
 170                 add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
 171             }
 172         }
 173         if [AAI][generic-vnf.vnf-type] {
 174             mutate {
 175                 add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
 176             }
 177         }
 178         if [AAI][vserver.vserver-name] {
 179             mutate {
 180                 add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
 181             }
 182         }
 183         if [AAI][complex.city] {
 184             mutate {
 185                 add_field => { "locationCity" => "%{[AAI][complex.city]}" }
 186             }
 187         }
 188         if [AAI][complex.state] {
 189             mutate {
 190                 add_field => { "locationState" => "%{[AAI][complex.state]}" }
 191             }
 192         }
 193
 194
 195     #
 196     # Adding some flags to ease aggregation
 197     #
 198     if [closedLoopEventStatus] =~ /(?i)ABATED/ {
 199         mutate {
 200             add_field => { "flagAbated" => "1" }
 201         }
 202     }
 203     if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
 204         mutate {
 205             add_field => { "flagFinalFailure" => "1" }
 206         }
 207     }
 208
 209
 210     if "error" not in [@metadata][request][tags]{
 211         #
 212         # Creating data for a secondary index
 213         #
 214         clone {
 215             clones => [ "event-cl-aggs" ]
 216             add_tag => [ "event-cl-aggs" ]
 217         }
 218
 219         if  "event-cl-aggs" in [@metadata][request][tags]{
 220             #
 221             # we only need a few fields for aggregations; remove all fields from clone except :
 222             #   vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure
 223             #
 224             prune {
 225                 whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
 226             }
 227
 228         }
 229     }
 230 }
 231
 232
 233 output {
 234     stdout {
 235         codec => rubydebug
 236     }
 237
 238     if "error" in [tags] {
 239         elasticsearch {
 240             codec => "json"
 241             hosts => ["${elasticsearch_base_url}"]
 242             index => "errors-%{+YYYY.MM.DD}"
 243             doc_as_upsert => true
 244         }
 245
 246     } else if "event-cl-aggs" in [tags] {
 247         elasticsearch {
 248             codec => "json"
 249             hosts => ["${elasticsearch_base_url}"]
 250             document_id => "%{requestID}"
 251             index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
 252             doc_as_upsert => true
 253             action => "update"
 254         }
 255
 256     } else {
 257         elasticsearch {
 258             codec => "json"
 259             hosts => ["${elasticsearch_base_url}"]
 260             index => "events-%{+YYYY.MM.DD}" # creates daily indexes
 261             doc_as_upsert => true
 262         }
 263     }
 264 }