Fix issue with milliseconds in logs shiped to elastic.
- Change nginx logs time format with milliseconds.
Related-bug: PROD-36383
Change-Id: Ie32e7b07c0ff9e97c70f3af31739b0bee8787d9d
diff --git a/nginx/files/_log.conf b/nginx/files/_log.conf
index 4bbe554..11ecde6 100644
--- a/nginx/files/_log.conf
+++ b/nginx/files/_log.conf
@@ -2,7 +2,7 @@
{%- set site = salt['pillar.get']('nginx:server:site:'+site_name) %}
{%- if site.get('log', {}).get('enabled', True) %}
- access_log {{ site.get('log', {}).get('access', server.log_dir + '/' + site_name + '-access.log') }};
+ access_log {{ site.get('log', {}).get('access', server.log_dir + '/' + site_name + '-access.log') }} combine_with_milliseconds;
error_log {{ site.get('log', {}).get('error', server.log_dir + '/' + site_name + '-error.log') }};
{%- else %}
access_log off;
diff --git a/nginx/files/nginx.conf b/nginx/files/nginx.conf
index 991e662..b2d6738 100644
--- a/nginx/files/nginx.conf
+++ b/nginx/files/nginx.conf
@@ -35,7 +35,21 @@
# Logging Settings
##
- access_log {{ server.get('log', {}).get('access', server.log_dir + '/access.log') }};
+ map $time_local $datetime {
+ "~(?<datetime_part>[0-9]{2}/[A-Z][a-z]{2}/[0-9]{4}:[0-9]{2}:[0-9]{2}:[0-9]{2})\s" $datetime_part;
+ }
+ map $time_local $timezone {
+ "~(?<timezone_part>Z|[+-]\d{2}(?::?\d{2})?)" $timezone_part;
+ }
+ map $msec $millisec {
+ ~\.(?<millisec_part>[0-9]+)$ $millisec_part;
+ }
+
+ log_format combine_with_milliseconds '$remote_addr - $remote_user [$datetime.$millisec $timezone] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+
+ access_log {{ server.get('log', {}).get('access', server.log_dir + '/access.log') }} combine_with_milliseconds;
error_log {{ server.get('log', {}).get('error', server.log_dir + '/error.log') }};
##
diff --git a/nginx/meta/fluentd.yml b/nginx/meta/fluentd.yml
index 017594d..8767e89 100644
--- a/nginx/meta/fluentd.yml
+++ b/nginx/meta/fluentd.yml
@@ -12,10 +12,10 @@
pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/nginx.access.pos
parser:
type: regexp
- time_format: '%d/%b/%Y:%H:%M:%S %z'
+ time_format: '%d/%b/%Y:%H:%M:%S.%N %z'
time_key: Timestamp
- keep_time_key: false
- # access_log format: https://regex101.com/r/CkdzZP/1
+ keep_time_key: true
+ # access_log format: https://regex101.com/r/CkdzZP/3
format: '/^(?<Payload>(?<http_client_ip_address>[^ ]*) - (?<http_user>[^ ]*) \[(?<Timestamp>[^\]]*)\] "(?<http_method>\S+) (?<http_url>[^ ]*) \S*" (?<http_status>[^ ]*) (?<http_response_size>[^ ]*) "(?<http_referer>[^\"]*)" "(?<http_agent>[^\"]*)")$/'
error_log:
type: tail