Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / elasticsearch / c93f93f9e4d7eb6ac9a791922d8d0fb901cf1a06^! / .
commitc93f93f9e4d7eb6ac9a791922d8d0fb901cf1a06[log] [tgz]
authorMateusz Matuszkowiak <mmatuszkowiak@mirantis.com>Mon Aug 13 10:22:35 2018 +0200
committerMateusz Matuszkowiak <mmatuszkowiak@mirantis.com>Mon Aug 13 10:01:56 2018 +0000
tree3ad5b4447eea099ccc9a5c0e26a21e881da01e00
parent4422a30bd640aa826e7f0be9ffede204ce19d9ba [diff]
Fixed the regex for ES logs 

Catch both time formats regarding ES logs.

Change-Id: Id088cc0af107a75eb810fe652f788a2c9c3144d7
Closes-Bug: PROD-21812

diff --git a/elasticsearch/meta/fluentd.yml b/elasticsearch/meta/fluentd.yml
index 17848d0..b083372 100644
--- a/elasticsearch/meta/fluentd.yml
+++ b/elasticsearch/meta/fluentd.yml

@@ -9,25 +9,25 @@
             tag: elasticsearch.general
             path: /var/log/elasticsearch/elasticsearch.log
             pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.general.pos
-            format: '/^\[(?<time>[^ ]* [^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] \[([^\]]*) *\] (?<Payload>.+)/'
+            format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] \[([^\]]*) *\] (?<Payload>.+)/'
           tail_elasticsearch_deprecation:
             type: tail
             tag: elasticsearch.deprecation
             path: /var/log/elasticsearch/elasticsearch_deprecation.log
             pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.deprecation.pos
-            format: '/^\[(?<time>[^ ]* [^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
+            format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
           tail_elasticsearch_index_indexing_slowlog:
             type: tail
             tag: elasticsearch.slowlog.indexing
             path: /var/log/elasticsearch/elasticsearch_index_indexing_slowlog.log
             pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.slowlog.indexing.pos
-            format: '/^\[(?<time>[^ ]* [^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
+            format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
           tail_elasticsearch_index_search_slowlog:
             type: tail
             tag: elasticsearch.slowlog.search
             path: /var/log/elasticsearch/elasticsearch_index_search_slowlog.log
             pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/elasticsearch.slowlog.search.pos
-            format: '/^\[(?<time>[^ ]* [^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
+            format: '/^\[(?<time>[^ ]* ?[^ ]*)\]\[(?<severity_label>[^ ]*) *?\]\[([^ ]*) *\] (?<Payload>.+)/'
         filter:
           match_severity:
             type: record_transformer