From 4f03c511186651f8e0ee6c6ce26b0e96a3c9fd0d Mon Sep 17 00:00:00 2001
From: Mohammed Naser <mnaser@vexxhost.com>
Date: Thu, 27 Sep 2018 14:56:52 -0400
Subject: [PATCH] Add Instance ID to logs

This will parse the logs and grab the instance ID out of it.

Change-Id: I9ad0c0e8d6101cca1fc3c4a7cb5cabc3504e6e28
---
 elk_metrics_6x/templates/logstash-pipelines.yml.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/elk_metrics_6x/templates/logstash-pipelines.yml.j2 b/elk_metrics_6x/templates/logstash-pipelines.yml.j2
index 89bdd106..80c73101 100644
--- a/elk_metrics_6x/templates/logstash-pipelines.yml.j2
+++ b/elk_metrics_6x/templates/logstash-pipelines.yml.j2
@@ -195,6 +195,14 @@
               remove_field => [ "logdate" ]
             }
             if "nova" in [tags] {
+              # Instance ID from logs (i.e. "[instance: 5ee83c6e-3604-467a-be54-e48429086e3f]")
+              grok {
+                match => {
+                  "logmessage" => ["(\[instance\: %{NOTSPACE:instance_id}\] )?%{GREEDYDATA:logmessage}?"]
+                }
+                overwrite => [ "logmessage" ]
+              }
+
               if [module] == "nova.api.openstack.requestlog" {
                 grok {
                   match => { "logmessage" => "%{IPORHOST:client_ip} \"%{WORD:verb} %{NOTSPACE:request}\" status\: %{NUMBER:response} len\: %{NUMBER:bytes} microversion\: %{NUMBER:microversion} time\: %{NUMBER:duration:float}" }