Extend filebeat logstash patterns for the haproxy modul #21332
Labels
Comments
botelastic
bot
added
the
needs_team
andresrc
added
the
Team:Services
|
Pinging @elastic/integrations-services (Team:Services) |
botelastic
bot
removed
the
needs_team
13 tasks
jlind23
added
Team:Service-Integrations
|
Hi! We're labeling this issue as |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Enhancement:
Enhance Logstash patterns in the haproxy module to match yet another specific kind of a logline (example of the logline is below).
Specific use case for the enhancement:
We are using ELK stack to collect logs. In our setup we don't use haproxy module, using our own filebeat and logstash configs.
But we have examined and used logstash grok patterns in a haproxy module to have rather complete cover of possible haproxy loglines.
After some time we spotted a couple of loglines, which were not matched and generated _grokparsefailure tag.
Apparently this logline correspond to a haproxy connection/availability problem and is quite uncommon.
In our setup we are using all grok patterns from the haproxy module with one added pattern to catch this logline (pattern below).
HAProxy version:
HA-Proxy version 1.8.8-1ubuntu0.10 2020/04/03Unmatched logline:
Sep 21 14:54:37 api-lb1 haproxy[17648]: Server api-backend/api3 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.Used grok patterns from a haproxy module:
beats/filebeat/module/haproxy/log/ingest/pipeline.yml
Line 10 in 829c3b7
Our added Logstash grok pattern:
%{SYSLOGTIMESTAMP:[@metadata][timestamp]} %{GREEDYDATA} %{NOTSPACE:process.name}\[%{NUMBER:process.pid}\]: Server %{NOTSPACE:haproxy.backend_name}/%{NOTSPACE:haproxy.server_name} %{GREEDYDATA}The text was updated successfully, but these errors were encountered: