Need help with field extractor for OpenStack logging

I have an OpenStack cloud and I want to send all logs to Graylog using rsyslog, and it's working great, but I want to do some more magic…

My logs look like following:

<189>Oct 23 15:14:01 ostack-compute-61 nova-compute:2018-10-23 15:13:57.678 2099 INFO nova.compute.resource_tracker [req-8e411318-3dbb-4b2e-8f9c-14cff02c8056 - - - - -] Final resource view: name=ostack-compute-61.foo.net phys_ram=32733MB used_ram=2048MB phys_disk=199GB used_disk=0GB total_vcpus=32 used_vcpus=0 pci_stats=[PciDevicePool(count=1,numa_node=0,product_id='168e',tags={dev_type='type-PF',physical_network='vlan'},vendor_id='14e4'), PciDevicePool(count=8,numa_node=0,product_id='16af',tags={dev_type='type-VF',physical_network='vlan'},vendor_id='14e4')]

Servers send these logs every 1 minute. In that log file there is some good info which I want to extract to build a dashboard which will tell us how much memory/CPU/disk is available on X compute node.

These are the fields

phys_ram=32733MB
used_ram=2048MB
phys_disk=199GB
total_vcpus=32

Based on the above data I want to build a dashboard where I aggregate all my compute node resources and display them with juicy info like total memory 100TB and total_vcpus=1000 etc…

I have tried to look into extractors but I got lost and confused, so I need some help or a clue.

You need to build a regex that greps out the information and creates new fields with the values. Or you use GROK patterns to make it work first.

Use a tool like grok debugger to construct your pattern and check that it is matching.

I would do this with the processing pipelines, as they are more flexible.
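
One way to prototype the regex suggested in the replies against the log line from the question before putting it into an extractor or pipeline rule. This is an added example, not code from the thread or from Graylog. The output field names (`phys_ram_mb` and so on), the function names, and the second host with its values are assumptions made for the illustration.

```python
import re
from collections import defaultdict

MARKER = "Final resource view:"
NAME_RE = re.compile(r"\bname=(\S+)")
# Whitelist the keys: a generic key=value split would also pick up
# count=, numa_node= etc. from the pci_stats structure.
FIELD_RE = re.compile(
    r"\b(phys_ram|used_ram|phys_disk|used_disk|total_vcpus|used_vcpus)=(\d+)(MB|GB)?")

# Constructed sample input modelled on the line in the question; the second
# report for compute-61 and everything about compute-62 are made up.
PREFIX = ("<189>Oct 23 15:14:01 {h} nova-compute:2018-10-23 15:13:57.678 2099 INFO "
          "nova.compute.resource_tracker [req-8e411318-3dbb-4b2e-8f9c-14cff02c8056 - - - - -] ")
PCI = " pci_stats=[PciDevicePool(count=1,numa_node=0,product_id='168e',vendor_id='14e4')]"
SAMPLE_LINES = [
    PREFIX.format(h="ostack-compute-61") + "Final resource view: name=ostack-compute-61.foo.net "
    "phys_ram=32733MB used_ram=2048MB phys_disk=199GB used_disk=0GB total_vcpus=32 used_vcpus=0" + PCI,
    PREFIX.format(h="ostack-compute-61") + "Final resource view: name=ostack-compute-61.foo.net "
    "phys_ram=32733MB used_ram=4096MB phys_disk=199GB used_disk=0GB total_vcpus=32 used_vcpus=2" + PCI,
    PREFIX.format(h="ostack-compute-62") + "Final resource view: name=ostack-compute-62.foo.net "
    "phys_ram=65536MB used_ram=8192MB phys_disk=399GB used_disk=20GB total_vcpus=64 used_vcpus=8" + PCI,
    PREFIX.format(h="ostack-compute-62") + "Some unrelated message count=5",
]

def extract(line):
    """Return numeric fields for a resource-view line, or None for any other line."""
    _, found, view = line.partition(MARKER)
    name = NAME_RE.search(view) if found else None
    if not name:
        return None
    fields = {"name": name.group(1)}
    for key, value, unit in FIELD_RE.findall(view):
        # Store integers, with the unit moved into the field name, so they can be summed.
        fields[key + ("_" + unit.lower() if unit else "")] = int(value)
    return fields

def aggregate(lines):
    """Sum resources across nodes, using only the latest report per node."""
    latest = {}
    for line in lines:
        fields = extract(line)
        if fields:
            latest[fields["name"]] = fields  # nodes report every minute; keep the newest
    totals = defaultdict(int)
    for fields in latest.values():
        for key, value in fields.items():
            if key != "name":
                totals[key] += value
    return dict(totals)
```

The same caveat applies to a dashboard: because every node reports once a minute, summing the field over a time range longer than one interval counts each node several times.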
