Hey Andrew, thanks for the help!
Those dashboards you listed now have ECS equivalents. Please have a look
when you have a chance. Note that the ECS-formatted logs are being
duplicated and these duplicated logs go back no more than two days.
If those dashboards look good to you, let me know and we'll turn off the
duplication. Doing that will fully transition these logs to ECS and lift
the two-day retention limit.
Thanks!
On Thu, May 13, 2021 at 1:00 PM Andrew Bogott <abogott(a)wikimedia.org> wrote:
> On 5/12/21 3:50 PM, Cole White wrote:
>
>> Hello!
>> We (Observability) have identified a few OpenStack syslog producers as
>> prime candidates for migration to the Common Logging Schema. We've
>> prepared a patch
>> <https://gerrit.wikimedia.org/r/c/operations/puppet/+/689262> that will
>> duplicate the currently produced OpenStack logs to an ECS-compatible form
>> to demo and prepare ECS-compatible Kibana dashboards.
>
> This is great! I don't think anyone is super attached to the current
> format of the logs, so anything you want to do to rework them is great. The
> only thing moderately interesting about openstack logs is that they include
> a request ID which is passed around and consistent across the different
> services; it's very useful for tracking particular issues so it should
> maintain pride of place in whatever post-processed messages we wind up with.
>
>> What we need from you:
>> 1. A quick review to see if we're missing anything.
>
> Done, I've listed three more services in the patch: glance, trove, barbican
>
>> 2. A list of Kibana dashboards and saved searches that need
>> translation to use the new format.
>
> There are a lot -- basically one per service x one per deployment. You
> can find the list by searching for 'OpenStack' and then disregarding the
> Horizon and haproxy things.
> That said, the most important dashboards are:
> - OpenStack codfw1dev
> - OpenStack eqiad1
> - OpenStack Nova codfw1dev Control Services
> - OpenStack Nova eqiad1 Control Services
> - OpenStack Nova codfw1dev Compute
> - OpenStack Nova eqiad1 Compute
> If you run out of gas at the end of that list (or even part way through)
> feel free to drop the cleanup on me and I can decide if the other
> dashboards are worth updating or can be done away with.
>
>> Thanks in advance! And as always, questions are welcome!
>
> Thanks again!
> -Andrew
--
Cole White
Wikimedia Foundation