├── .gitignore ├── LICENSE ├── files ├── admin-kibana-objects.json └── user-kibana-objects.json └── scripts ├── aliases ├── allocate-empty-primary ├── allocate-replica-shards ├── allocate-stale-primary ├── can-view-logs ├── check-es-cluster-connectivity ├── check-fluentd-to-es-connectivity ├── check-kibana-to-es-connectivity ├── clo-logs ├── close-indice ├── dots-in-field-names ├── enable-shard-allocation ├── env-prep ├── eo-logs ├── es-disk-usage ├── es-exec ├── es-query ├── explain-unassigned-shard ├── export-kibana-objects ├── fluentd-queue-report ├── get-cluster-settings ├── get-node-infra-info ├── health ├── images ├── import-cluster-logging-kibana-ui-objects ├── import-kibana-objects ├── indices ├── kibana-index-name ├── node-log-rate ├── open-indice ├── peg-index-to-node ├── pods ├── set-cluster-performance-options ├── set-cluster-setting ├── unassigned └── view-es-permissions /.gitignore: -------------------------------------------------------------------------------- 1 | scripts/.logging-ns 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /files/admin-kibana-objects.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "_id": "$OBJECT_UUID", 4 | "_type": "index-pattern", 5 | "_source": { 6 | "title": "infra", 7 | "timeFieldName": "@timestamp", 8 | "fields": 
"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aushape.data.execve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aushape.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aushape.node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"aushape.serial\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"aushape.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aushape.trimmed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_id_short\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"docker.container_name.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.sauid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipaddr4\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipaddr4.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipaddr6\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container_image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.container_image.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container_image_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.container_image_id.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.container_name.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.firstTimestamp\",\"type\":\"date\",\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.apiVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.resourceVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.resourceVersion\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.selfLink\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kube
rnetes.event.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.source_component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.verb\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.flat_labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.flat_labels.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.deployment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.deploymentconfig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.deploymentconfig.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.master_url\",\"type\":\"string\",\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"namespace_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"namespace_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.cluster_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.correlationid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.engine_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.entity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.host_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.module_lineno\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.inputname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.ipaddr4\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.ipaddr4.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.ipaddr6\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline
_metadata.collector.original_raw_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pipeline_metadata.collector.original_raw_message.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.received_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.inputname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.ipaddr4\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.ipaddr4.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.ipaddr6\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.original_raw_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pipeline_metadata.normalizer.original_raw_message.raw\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.received_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.trace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rsyslog.appname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.msgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.protocol-version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.structured-data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.KERNEL_DEVICE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.KERNEL_SUBSYSTEM\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.UDEV_DEVLINK\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"systemd.k.UDEV_DEVNODE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.UDEV_SYSNAME\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.AUDIT_LOGINUID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.AUDIT_SESSION\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.BOOT_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.CAP_EFFECTIVE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.CMDLINE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.COMM\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.EXE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.GID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.HOSTNAME\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.LINE_BREAK\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.MACHINE_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"systemd.t.PID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SELINUX_CONTEXT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SOURCE_REALTIME_TIMESTAMP\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.STREAM_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_CGROUP\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_INVOCATION_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_OWNER_UID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_SESSION\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_SLICE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_UNIT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_USER_UNIT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.TRANSPORT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.UID\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.CODE_FILE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.CODE_FUNCTION\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.CODE_LINE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.ERRNO\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.MESSAGE_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.RESULT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.SYSLOG_FACILITY\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.SYSLOG_IDENTIFIER\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.SYSLOG_PID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.UNIT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.in_bin\",\"type\":\"number\",\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.in_txt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tlog.out_bin\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.out_txt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tlog.pos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.session\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.term\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.timing\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.ver\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"viaq_index_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"viaq_msg_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]" 9 | }, 10 | "_meta": { 11 | "savedObjectVersion": 2 12 | } 13 | }, 14 | { 15 | "_id": "$SEARCH_UUID", 16 | "_type": "search", 17 | "_source": { 18 | "title": "Infra Container Logs", 19 | "description": "", 20 | "hits": 0, 21 | "columns": [ 22 | "kubernetes.namespace_name", 23 | "kubernetes.pod_name", 
24 | "kubernetes.container_name", 25 | "message" 26 | ], 27 | "sort": [ 28 | "@timestamp", 29 | "desc" 30 | ], 31 | "version": 1, 32 | "kibanaSavedObjectMeta": { 33 | "searchSourceJSON": "{\"index\":\"$OBJECT_UUID\"}" 34 | } 35 | } 36 | }, 37 | { 38 | "_id": "$SEARCH_UUID_2", 39 | "_type": "search", 40 | "_source": { 41 | "title": "Infra Node Logs", 42 | "description": "", 43 | "hits": 0, 44 | "columns": [ 45 | "systemd.t.EXE", 46 | "hostname", 47 | "level", 48 | "message" 49 | ], 50 | "sort": [ 51 | "@timestamp", 52 | "desc" 53 | ], 54 | "version": 1, 55 | "kibanaSavedObjectMeta": { 56 | "searchSourceJSON": "{\"index\":\"$OBJECT_UUID\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"exists(system.t.EXE)\",\"language\":\"lucene\"},\"filter\":[]}" 57 | } 58 | } 59 | }, 60 | { 61 | "_id": "$VIS_1_UUID", 62 | "_type": "visualization", 63 | "_source": { 64 | "title": "Kubernetes Infrastructure Container Logs by Namespace, Pod, Container", 65 | "visState": "{\"title\":\"Kubernetes Infrastructure Container Logs by Namespace, Pod, 
Container\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"type\":\"pie\",\"legendPosition\":\"right\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.namespace_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.pod_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.container_name.raw\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 66 | "uiStateJSON": "{}", 67 | "description": "Kubernetes Infrastructure Container Logs by Namespace, Pod, Container", 68 | "savedSearchId": "$SEARCH_UUID", 69 | "version": 1, 70 | "kibanaSavedObjectMeta": { 71 | "searchSourceJSON": "{\"filter\":[]}" 72 | } 73 | } 74 | }, 75 | { 76 | "_id": "$VIS_2_UUID", 77 | "_type": "visualization", 78 | "_source": { 79 | "title": "Kubernetes Infrastructure Container Logs over Time w/ Container Name", 80 | "visState": "{\"title\":\"Kubernetes Infrastructure Container Logs over Time w/ Container 
Name\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"setYExtents\":false,\"defaultYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\"}],\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"kubernetes.container_name.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 81 | "uiStateJSON": "{}", 82 | "description": "Kubernetes Infrastructure Container over Time-w-slash-Container-Name", 83 | "savedSearchId": "$SEARCH_UUID", 84 | "version": 1, 85 | "kibanaSavedObjectMeta": 
{ 86 | "searchSourceJSON": "{\"filter\":[]}" 87 | } 88 | } 89 | }, 90 | { 91 | "_id": "$DASHBOARD_UID", 92 | "_type": "dashboard", 93 | "_source": { 94 | "title": "Kubernetes Infrastructure Log Overview", 95 | "hits": 0, 96 | "description": "", 97 | "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"id\":\"$VIS_2_UUID\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.8.1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"$VIS_1_UUID\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.8.1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"id\":\"$SEARCH_UUID\",\"panelIndex\":\"3\",\"type\":\"search\",\"version\":\"6.8.1\"}]", 98 | "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", 99 | "version": 1, 100 | "timeRestore": false, 101 | "kibanaSavedObjectMeta": { 102 | "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" 103 | } 104 | } 105 | } 106 | ] -------------------------------------------------------------------------------- /files/user-kibana-objects.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "_id": "$OBJECT_UUID", 4 | "_type": "index-pattern", 5 | "_source": { 6 | "title": "app", 7 | "timeFieldName": "@timestamp", 8 | "fields": 
"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aushape.data.execve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aushape.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aushape.node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"aushape.serial\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"aushape.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aushape.trimmed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_id_short\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"docker.container_name.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.sauid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipaddr4\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipaddr4.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipaddr6\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container_image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.container_image.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container_image_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.container_image_id.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.container_name.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.firstTimestamp\",\"type\":\"date\",\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.apiVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.resourceVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.involvedObject.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.resourceVersion\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.selfLink\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.metadata.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kube
rnetes.event.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.source_component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.event.verb\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.flat_labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kubernetes.flat_labels.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.deployment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.deploymentconfig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.deploymentconfig.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.labels.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.master_url\",\"type\":\"string\",\"count\":0
,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"namespace_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"namespace_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.cluster_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.correlationid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.engine_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\
":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.entity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.host_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.module_lineno\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ovirt.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.inputname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.ipaddr4\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.ipaddr4.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.ipaddr6\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline
_metadata.collector.original_raw_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pipeline_metadata.collector.original_raw_message.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.received_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.collector.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.inputname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.ipaddr4\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.ipaddr4.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.ipaddr6\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.original_raw_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pipeline_metadata.normalizer.original_raw_message.raw\",\"type\":\"string\"
,\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.received_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.normalizer.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pipeline_metadata.trace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rsyslog.appname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.msgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.protocol-version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rsyslog.structured-data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.KERNEL_DEVICE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.KERNEL_SUBSYSTEM\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.UDEV_DEVLINK\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"systemd.k.UDEV_DEVNODE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.k.UDEV_SYSNAME\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.AUDIT_LOGINUID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.AUDIT_SESSION\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.BOOT_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.CAP_EFFECTIVE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.CMDLINE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.COMM\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.EXE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.GID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.HOSTNAME\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.LINE_BREAK\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.MACHINE_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"systemd.t.PID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SELINUX_CONTEXT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SOURCE_REALTIME_TIMESTAMP\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.STREAM_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_CGROUP\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_INVOCATION_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_OWNER_UID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_SESSION\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_SLICE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_UNIT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.SYSTEMD_USER_UNIT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.TRANSPORT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.t.UID\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.CODE_FILE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.CODE_FUNCTION\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.CODE_LINE\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.ERRNO\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.MESSAGE_ID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.RESULT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.SYSLOG_FACILITY\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.SYSLOG_IDENTIFIER\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.SYSLOG_PID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"systemd.u.UNIT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.in_bin\",\"type\":\"number\",\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.in_txt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tlog.out_bin\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.out_txt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tlog.pos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.session\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.term\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.timing\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tlog.ver\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"viaq_index_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"viaq_msg_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]" 9 | }, 10 | "_meta": { 11 | "savedObjectVersion": 2 12 | } 13 | }, 14 | { 15 | "_id": "$SEARCH_UUID", 16 | "_type": "search", 17 | "_source": { 18 | "title": "Application Logs", 19 | "description": "", 20 | "hits": 0, 21 | "columns": [ 22 | "kubernetes.namespace_name", 23 | "kubernetes.pod_name", 24 | 
"kubernetes.container_name", 25 | "message" 26 | ], 27 | "sort": [ 28 | "@timestamp", 29 | "desc" 30 | ], 31 | "version": 1, 32 | "kibanaSavedObjectMeta": { 33 | "searchSourceJSON": "{\"index\":\"$OBJECT_UUID\"}" 34 | } 35 | } 36 | }, 37 | { 38 | "_id": "$VIS_1_UUID", 39 | "_type": "visualization", 40 | "_source": { 41 | "title": "Kubernetes Application Logs by Namespace, Pod, Container", 42 | "visState": "{\"title\":\"Kubernetes Application Logs by Namespace, Pod, Container\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"type\":\"pie\",\"legendPosition\":\"right\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.namespace_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.pod_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.container_name.raw\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 43 | "uiStateJSON": "{}", 44 | "description": "Kubernetes Application Logs by Namespace,-Pod,-Container", 45 | "savedSearchId": "$SEARCH_UUID", 46 | "version": 1, 47 | "kibanaSavedObjectMeta": { 48 | "searchSourceJSON": "{\"filter\":[]}" 49 | } 50 | } 51 | }, 52 | { 53 | "_id": "$VIS_2_UUID", 54 | "_type": 
"visualization", 55 | "_source": { 56 | "title": "Kubernetes Application Logs over Time w/ Container Name", 57 | "visState": "{\"title\":\"Kubernetes Application Logs over Time w/ Container Name\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"setYExtents\":false,\"defaultYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\"}],\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"kubernetes.container_name.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", 58 | 
"uiStateJSON": "{}", 59 | "description": "Kubernetes Application Logs over Time with Container Name", 60 | "savedSearchId": "$SEARCH_UUID", 61 | "version": 1, 62 | "kibanaSavedObjectMeta": { 63 | "searchSourceJSON": "{\"filter\":[]}" 64 | } 65 | } 66 | }, 67 | { 68 | "_id": "$DASHBOARD_UID", 69 | "_type": "dashboard", 70 | "_source": { 71 | "title": "Kubernetes Application Log Overview", 72 | "hits": 0, 73 | "description": "", 74 | "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":0},\"id\":\"$VIS_2_UUID\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.8.1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"$VIS_1_UUID\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.8.1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":15},\"id\":\"$SEARCH_UUID\",\"panelIndex\":\"3\",\"type\":\"search\",\"version\":\"6.8.1\"}]", 75 | "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", 76 | "version": 1, 77 | "timeRestore": false, 78 | "kibanaSavedObjectMeta": { 79 | "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}" 80 | } 81 | } 82 | } 83 | ] -------------------------------------------------------------------------------- /scripts/aliases: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cd $(dirname "${BASH_SOURCE[0]}") 4 | source env-prep 5 | 6 | oc exec -n $LOGGING_NS -c elasticsearch $pod -- es_util --query=_cat/aliases?v 7 | -------------------------------------------------------------------------------- /scripts/allocate-empty-primary: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script allocates all unassigned primary shards where the allocation failed to a given node using 4 | # the openshift binary. 
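5 | # 6 | # !!! WARNING !!!! 7 | # Using this command leads to complete data loss. 8 | # Ref: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/cluster-reroute.html 9 | # 10 | # The binary must be in the path and the user executing the script 11 | # must have access to logging project. The inputs are: 12 | # pod An Elasticsearch pod name 13 | # node (Optional) An node Elasticsearch cluster which should be any one of the DC's. 14 | cd $(dirname "${BASH_SOURCE[0]}") 15 | source env-prep 16 | 17 | node=${1:-} 18 | if [ -z "${node}" ] ; then 19 | node=$(oc -n $LOGGING_NS get dc -l component=elasticsearch -o jsonpath={.items[0].metadata.name}) 20 | fi 21 | 22 | read -r -d '' SCRIPT << "EOF" 23 | IFS=$'\n' unassigned=$(es_util --query=_cat/shards?h=index,shard,prirep,state,unassigned.reason | grep 'p UNASSIGNED ALLOCATION_FAILED' | grep -v INDEX_CREATED) 24 | regex="([-\.a-z0-9]*)\s+([0-9]+)\s+([r|p])" 25 | payload='' 26 | for line in $(echo "$unassigned"); do 27 | if [[ ${line} =~ ${regex} ]]; then 28 | index=${BASH_REMATCH[1]} 29 | shard=${BASH_REMATCH[2]} 30 | if [ -n "${payload}" ] ; then 31 | payload="${payload}," 32 | fi 33 | payload="${payload}{\"allocate_empty_primary\":{\"index\":\"$index\",\"shard\":$shard,\"node\":\"$node\",\"accept_data_loss\":\"true\"}}" 34 | fi 35 | done 36 | payload="{\"commands\":[$payload]}" 37 | file=$(mktemp) 38 | echo $payload > $file 39 | es_util --query='_cluster/reroute?pretty' -XPOST -d @$file 40 | EOF 41 | 42 | oc -n $LOGGING_NS exec -t -c elasticsearch $pod -- bash -c "node=${node} ${SCRIPT}" 43 | -------------------------------------------------------------------------------- /scripts/allocate-replica-shards: --------------------------------------------------------------------------------
#!/bin/bash

# Allocates the unassigned shards reported by Elasticsearch to a given node by
# posting "allocate_replica" commands to the cluster reroute API.
#
# The oc binary must be in the path and the user executing the script must
# have access to the logging project. The inputs are:
#   pod   An Elasticsearch pod name (taken from the environment, otherwise
#         chosen by env-prep)
#   node  (Optional, first argument) The Elasticsearch node to allocate to,
#         which should be any one of the DC's. Defaults to the first DC
#         labelled component=elasticsearch.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

node=${1:-}
if [ -z "${node}" ] ; then
  node=$(oc -n "$LOGGING_NS" get dc -l component=elasticsearch -o 'jsonpath={.items[0].metadata.name}')
fi
if [ -z "${node}" ] ; then
  echo "Unable to determine a target node; pass one as the first argument." >&2
  exit 1
fi

# The heredoc delimiter is quoted, so nothing below is expanded locally; the
# text runs unchanged inside the Elasticsearch container.
read -r -d '' SCRIPT << "EOF"
# $1 is the target node, supplied as a positional argument by the caller.
node=$1
file=$(mktemp)
# Remove the request body from the container when the script ends.
trap 'rm -f "$file"' EXIT
# NOTE(review): this filter also matches unassigned primaries, and the
# prirep value captured by the regex is not used to skip them - confirm
# whether that is intended for an allocate_replica request.
IFS=$'\n' unassigned=$(es_util --query='_cat/shards?h=index,shard,prirep,state,unassigned.reason' | grep UNASSIGNED | grep -v INDEX_CREATED)
regex="([-\.a-z0-9]*)\s+([0-9]+)\s+([r|p])"
payload=''
for line in $(echo "$unassigned"); do
  if [[ ${line} =~ ${regex} ]]; then
    index=${BASH_REMATCH[1]}
    shard=${BASH_REMATCH[2]}
    if [ -n "${payload}" ] ; then
      payload="${payload},"
    fi
    payload="${payload}{\"allocate_replica\":{\"index\":\"$index\",\"shard\":$shard,\"node\":\"$node\"}}"
  fi
done
payload="{\"commands\":[$payload]}"
# Quoted so the brackets in the JSON are never treated as a glob pattern.
printf '%s\n' "$payload" > "$file"
es_util --query='_cluster/reroute?pretty' -XPOST -d @"$file"
EOF

# Run in $LOGGING_NS, the namespace env-prep resolved $pod in, rather than in
# whatever project is current. The node name is handed over as a positional
# argument so it is never parsed as shell code inside the pod.
oc -n "$LOGGING_NS" exec -t -c elasticsearch "$pod" -- bash -c "${SCRIPT}" allocate-replica-shards "${node}"
-------------------------------------------------------------------------------- /scripts/allocate-stale-primary: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script allocates all unassigned primary shards to a given node using 4 | # the openshift binary. The binary must be in the path and the user executing the script 5 | # must have access to logging project. The inputs are: 6 | # 7 | # !!! WARNING !!!! 8 | # Using this command may lead to complete data loss.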
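9 | # Ref: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/cluster-reroute.html 10 | # 11 | # pod An Elasticsearch pod name 12 | # node (Optional) An node Elasticsearch cluster which should be any one of the DC's. 13 | cd $(dirname "${BASH_SOURCE[0]}") 14 | source env-prep 15 | 16 | node=${1:-} 17 | if [ -z "${node}" ] ; then 18 | node=$(oc -n $LOGGING_NS get dc -l component=elasticsearch -o jsonpath={.items[0].metadata.name}) 19 | fi 20 | 21 | read -r -d '' SCRIPT << "EOF" 22 | IFS=$'\n' unassigned=$(es_util --query=_cat/shards?h=index,shard,prirep,state,unassigned.reason | grep 'p UNASSIGNED' | grep -v INDEX_CREATED) 23 | regex="([-\.a-z0-9]*)\s+([0-9]+)\s+([r|p])" 24 | payload='' 25 | for line in $(echo "$unassigned"); do 26 | if [[ ${line} =~ ${regex} ]]; then 27 | index=${BASH_REMATCH[1]} 28 | shard=${BASH_REMATCH[2]} 29 | if [ -n "${payload}" ] ; then 30 | payload="${payload}," 31 | fi 32 | payload="${payload}{\"allocate_stale_primary\":{\"index\":\"$index\",\"shard\":$shard,\"node\":\"$node\",\"accept_data_loss\":\"true\"}}" 33 | fi 34 | done 35 | payload="{\"commands\":[$payload]}" 36 | file=$(mktemp) 37 | echo $payload > $file 38 | cat $file 39 | es_util --query='_cluster/reroute?pretty' -XPOST -d @$file 40 | EOF 41 | 42 | oc exec -t -c elasticsearch $pod -- bash -c "node=${node} ${SCRIPT}" 43 | 44 | -------------------------------------------------------------------------------- /scripts/can-view-logs: --------------------------------------------------------------------------------
#!/bin/bash

# Reports whether a user may read pod logs in a namespace.
#
# Posts a SubjectAccessReview (verb "get" on resource "pods/log") to the
# Kubernetes API from inside the elasticsearch-operator pod, authenticated
# with the bearer token of the user running this script (oc whoami -t).
#
# Usage: can-view-logs username [namespace]
#   username   subject of the review (required)
#   namespace  namespace to check (default: "default")
#
# Exit status: 0 when access is allowed, 1 when it is denied or on error.
# Requires oc and jq on the machine running the script.

set -euo pipefail

cd "$(dirname "${BASH_SOURCE[0]}")"

user=${1:-}
namespace=${2:-default}

usage(){
  echo
  echo Usage:
  # Quoted so that [namespace] is printed literally instead of being globbed.
  echo "$0 username [namespace]"
}

# Prints the reminder that goes with a check against the "default" namespace.
note_default_namespace(){
  if [ "$namespace" == "default" ] ; then
    echo " Note: 'default' implies read logs in all namespaces as a cluster-admin"
  fi
}

if [ -z "$user" ] ; then
  usage
  exit 1
fi

admintoken=$(oc whoami -t)
ns=openshift-operators-redhat
container=elasticsearch-operator

# grep exits non-zero when nothing matches; "|| true" keeps set -e/pipefail
# from ending the script silently so the empty result can be reported.
pod=$(oc -n "$ns" get pods | grep elasticsearch-operator | head -n 1 | cut -d ' ' -f1 || true)
if [ -z "$pod" ] ; then
  echo "Error: no elasticsearch-operator pod found in namespace $ns" >&2
  exit 1
fi

# Build the request body with jq so the user and namespace arguments are
# JSON-escaped instead of being spliced into the document as raw text.
sar=$(jq -nc --arg user "$user" --arg namespace "$namespace" \
  '{kind:"SubjectAccessReview",apiVersion:"authorization.k8s.io/v1",spec:{user:$user,resourceAttributes:{namespace:$namespace,verb:"get",resource:"pods/log"}}}')

# The remote command text is fixed. The request body travels as a positional
# argument and the token as curl configuration on stdin, so neither is parsed
# as shell code in the pod and the token stays out of every argument list.
# NOTE(review): -k turns off certificate verification for a request that
# carries the caller's token; consider verifying the API server against the
# pod's service account CA bundle instead.
cmd='curl -sk -K - "https://$KUBERNETES_PORT_443_TCP_ADDR/apis/authorization.k8s.io/v1/subjectaccessreviews" -H "Content-type:application/json" -XPOST -d "$1"'

# Tested inside "if" because under set -e a plain assignment that fails would
# end the script before any error message could be printed.
if ! resp=$(printf 'header = "Authorization: Bearer %s"\n' "$admintoken" \
      | oc -n "$ns" exec -i -c "$container" "$pod" -- bash -c "$cmd" can-view-logs "$sar") ; then
  echo "Error: $resp" >&2
  exit 1
fi

if [ "$(echo "$resp" | jq '.status.allowed')" == "true" ] ; then
  echo "$user" allowed: yes
  echo reason: "$(echo "$resp" | jq '.status.reason')"
  echo namespace: "$namespace"
  note_default_namespace
  exit 0
fi

# Anything other than an explicit "true" is reported as a denial.
echo "$user" allowed: no
echo namespace: "$namespace"
note_default_namespace
exit 1
-------------------------------------------------------------------------------- /scripts/check-es-cluster-connectivity: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | # Checks the connectivity between the Elasticsearch nodes based on the published endpoints 4 | # of the cluster service 5 | 6 | cd $(dirname "${BASH_SOURCE[0]}") 7 | source env-prep 8 | 9 | TIMEOUT=${1:-1} #1 sec 10 | 11 | endpoints=($(oc -n ${LOGGING_NS} get endpoints elasticsearch-cluster -o jsonpath={.subsets[*].addresses[*].ip})) 12 | pods=($(oc -n ${LOGGING_NS} get pods -l component=elasticsearch -o jsonpath={.items[*].metadata.name})) 13 | if [ ${#endpoints[@]} -ne ${#pods[@]} ] ; then 14 |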
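echo "[WARN] The number of service endpoints: '${#endpoints[@]}' is different then the number of pods: '${#pods[@]}'" 15 | fi 16 | 17 | echo "Checking Elasticsearch pod connectivity on cluster ports..." 18 | for p in ${pods[@]}; do 19 | echo " Checking pod ${p}..." 20 | for e in ${endpoints[@]}; do 21 | echo " Checking endpoint ${e}..." 22 | result=$(timeout --preserve-status -s 2 ${TIMEOUT} \ 23 | oc -n ${LOGGING_NS} exec -c elasticsearch ${p} -- bash -c "exit | curl -sS telnet://${e}:9300" || echo $?) 24 | 25 | #130 = 128 + 2 (SIGINT) 26 | # 7 = unable to route 27 | if [ ${result} -ne 130 ] ; then 28 | echo " Unable to connect! Result code: ${result}" 29 | else 30 | echo " Connected" 31 | fi 32 | done 33 | done 34 | -------------------------------------------------------------------------------- /scripts/check-fluentd-to-es-connectivity: --------------------------------------------------------------------------------
#!/bin/bash -e

# Measures how long each Fluentd pod takes to reach the Elasticsearch service.
#
# For every pod labelled component=fluentd in $LOGGING_NS, runs curl inside the
# pod against https://<service>:9200 with the Fluentd client certificate and
# prints curl's timing counters, one row per attempt.
#
# Arguments:
#   $1  Elasticsearch service name (default: elasticsearch)
#   $2  number of attempts per pod (default: 5)
#
# Exit status: 0 when every attempt completed, 1 when at least one failed.

cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

service=${1:-elasticsearch}
pods=($(oc -n "${LOGGING_NS}" get pods -l component=fluentd -o 'jsonpath={.items[*].metadata.name}'))
attempts=${2:-5}
failed=0

echo "Checking connectivity from Fluentd to Elasticsearch..."
for p in "${pods[@]}"; do
  echo " Checking pod ${p}..."
  echo " total(s) namelookup(s) connect(s) appconnect(s) pretransfer(s) redirect(s) starttransfer(s)"
  echo " -------- ------------- ---------- ------------- -------------- ----------- ----------------"
  for i in $(seq 1 "$attempts") ; do
    # The first counter is time_total so that it matches the "total(s)" column.
    # A failed attempt is reported and counted instead of letting -e end the
    # run, so the remaining attempts and pods are still checked.
    if ! result=$(oc -n "${LOGGING_NS}" exec "${p}" -- curl -sS -o /dev/null \
      -w "%{time_total}\t %{time_namelookup}\t %{time_connect}\t %{time_appconnect}\t %{time_pretransfer}\t %{time_redirect}\t %{time_starttransfer}" \
      "https://${service}:9200" \
      --cacert /etc/fluent/keys/ca-bundle.crt \
      --cert /etc/fluent/keys/tls.crt \
      --key /etc/fluent/keys/tls.key) ; then
      echo " Unable to connect!"
      failed=1
      continue
    fi
    # Left unquoted on purpose: the seven counters are split into seven fields.
    printf "%8s %14s %11s %13s %14s %11s %16s\n" $result
  done
done

exit $failed
-------------------------------------------------------------------------------- /scripts/check-kibana-to-es-connectivity: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | # Checks the connectivity between Kibana and the Elasticsearch cluster 4 | # of the cluster service 5 | 6 | cd $(dirname "${BASH_SOURCE[0]}") 7 | source env-prep 8 | 9 | service=${1:-logging-es} 10 | pods=($(oc -n ${LOGGING_NS} get pods -l component=kibana -o jsonpath={.items[*].metadata.name})) 11 | attempts=${2:-5} 12 | 13 | echo "Checking connectivity from Kibana to Elasticsearch..." 14 | for p in ${pods[@]}; do 15 | echo " Checking pod ${p}..."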
16 | echo " total(s) namelookup(s) connect(s) appconnect(s) pretransfer(s) redirect(s) starttransfer(s)" 17 | echo " -------- ------------- ---------- ------------- -------------- ----------- ----------------" 18 | for i in $(seq 1 $attempts) ; do 19 | result=$(oc -n ${LOGGING_NS} exec -c kibana ${p} -- curl -sS -o /dev/null \ 20 | -w "%{time_connect}\t %{time_namelookup}\t %{time_connect}\t %{time_appconnect}\t %{time_pretransfer}\t %{time_redirect}\t %{time_starttransfer}" \ 21 | https://${service}:9200 \ 22 | --cacert /etc/kibana/keys/ca \ 23 | --cert /etc/kibana/keys/cert \ 24 | --key /etc/kibana/keys/key) 25 | printf "%8s %14s %11s %13s %14s %11s %16s\n" $result 26 | done 27 | done 28 | 29 | -------------------------------------------------------------------------------- /scripts/clo-logs: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | oc -n openshift-logging logs deployment/cluster-logging-operator $@ 3 | -------------------------------------------------------------------------------- /scripts/close-indice: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script closes the given index 3 | # https://www.elastic.co/guide/en/elasticsearch/reference/5.6/indices-open-close.html 4 | cd $(dirname "${BASH_SOURCE[0]}") 5 | source env-prep 6 | 7 | index=${1} 8 | 9 | oc -n $LOGGING_NS exec -c elasticsearch $pod -- es_util --query=$index/_close 10 | -------------------------------------------------------------------------------- /scripts/dots-in-field-names: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script lists all field names in the cluster that contain the dot in the name like "foo.bar" 4 | # For more context see https://bugzilla.redhat.com/show_bug.cgi?id=1666141#c5 5 | # It requires jq and egrep to be available on the machine from which this script is run 6 | 7 | cd $(dirname 
"${BASH_SOURCE[0]}") 8 | source env-prep 9 | 10 | oc exec -c elasticsearch -n $LOGGING_NS $pod -- es_util --query='_mapping?pretty&filter_path=**.mappings.*.properties' \ 11 | | jq '.[].mappings[].properties | keys' \ 12 | | jq .[] \ 13 | | egrep -e "\." 14 | -------------------------------------------------------------------------------- /scripts/enable-shard-allocation: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cd $(dirname "${BASH_SOURCE[0]}") 3 | source env-prep 4 | enable=${1:-"all"} #or none 5 | PERSIST=${PERSIST:-"transient"} 6 | oc exec -n $LOGGING_NS -c elasticsearch $pod -- es_util --query=_cluster/settings -XPUT -d "{\"${PERSIST}\":{\"cluster.routing.allocation.enable\":\"${enable}\"}}" 7 | -------------------------------------------------------------------------------- /scripts/env-prep: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -n "${SDEBUG:-}" ] ; then 4 | set -x 5 | fi 6 | 7 | # Override default logging namespace 8 | # Try 'openshift-logging' or 'logging' 9 | if [ -f ".logging-ns" ] ; then 10 | LOGGING_NS=$(cat .logging-ns) 11 | fi 12 | 13 | export LOGGING_NS=${LOGGING_NS:-openshift-logging} 14 | if [ -z "${pod:-}" ] ; then 15 | pod=$(oc -n $LOGGING_NS get pod -l component=elasticsearch -o jsonpath={.items[0].metadata.name} --ignore-not-found) 16 | if [ "$?" != "0" ] ; then 17 | echo "Running 'oc -n $LOGGING_NS get pod -l component=elasticsearch' failed, possibly due to the" >&2 18 | echo "namespace being wrong. Look into 'env-prep' file to see how to override that." 
>&2 19 | echo "(If this is a V3 cluster, run 'git checkout release-3.x' before doing anything else.)" >&2 20 | fi 21 | fi 22 | -------------------------------------------------------------------------------- /scripts/eo-logs: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | oc -n openshift-operators-redhat logs deployment/elasticsearch-operator $@ 3 | -------------------------------------------------------------------------------- /scripts/es-disk-usage: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $(dirname "${BASH_SOURCE[0]}") 4 | cd $(dirname "${BASH_SOURCE[0]}") 5 | source env-prep 6 | for p in $(oc -n ${LOGGING_NS} get pods -o jsonpath={.items[*].metadata.name} -l component=elasticsearch); do 7 | oc -n ${LOGGING_NS} exec -c elasticsearch $p -- df -h | grep -E "persistent|Mounted"; 8 | done 9 | -------------------------------------------------------------------------------- /scripts/es-exec: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $(dirname "${BASH_SOURCE[0]}") 4 | source env-prep 5 | 6 | pod=$1 7 | shift 8 | 9 | oc -n ${LOGGING_NS} exec -c elasticsearch $pod -- "$@" 10 | -------------------------------------------------------------------------------- /scripts/es-query: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cd $(dirname "${BASH_SOURCE[0]}") 4 | source env-prep 5 | 6 | query="$1" 7 | shift 1 8 | 9 | oc exec -n $LOGGING_NS -c elasticsearch $pod -- es_util --query="${query}" $@ 10 | -------------------------------------------------------------------------------- /scripts/explain-unassigned-shard: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $(dirname "${BASH_SOURCE[0]}") 4 | source env-prep 5 | 6 | index=${1} 7 | shard=${2:-0} 8 | primary=${3:-'false'} 9 
| 10 | oc -n $LOGGING_NS exec -c elasticsearch $pod -- es_util --query=_cluster/allocation/explain?pretty -d"{\"index\": \"$index\", \"shard\": $shard, \"primary\": $primary}" 11 | -------------------------------------------------------------------------------- /scripts/export-kibana-objects: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eo pipefail 4 | 5 | function usage() { 6 | cat << EOF 7 | 8 | Export a given user's kibana objects from their unique 9 | kibana index and write the results to STDOUT as a JSON array 10 | that can be imported using Kibana 11 | 12 | usage: 13 | $0 [objects] 14 | 15 | username The user's name or '\$\$kibana' if it should retrieve 16 | the '.kibana' objects 17 | objects a comma delimited list of objects (Defaults: index-pattern,visualization,dashboard,search) 18 | 19 | EOF 20 | exit "1" 21 | } 22 | 23 | cd $(dirname "${BASH_SOURCE[0]}") 24 | source env-prep 25 | 26 | if [ -z "${1:-}" ] ; then 27 | usage 28 | fi 29 | 30 | 31 | pwd=$(dirname $0) 32 | username=$1 33 | OBJECTS=${2:-index-pattern,visualization,dashboard,search} 34 | OBJECTS=$(echo $OBJECTS | sed "s/,/','/g") 35 | kibindex=$(${pwd}/kibana-index-name ${username}) 36 | 37 | if [ "$username" == '$$kibana' ] ; then 38 | kibindex=.kibana 39 | fi 40 | 41 | query="${kibindex}/doc/_search" 42 | filter=$(echo "{'query':{'terms':{'type':['$OBJECTS']}}}" | sed "s/'/\"/g") 43 | 44 | 45 | result=$(oc -n ${LOGGING_NS} exec -c elasticsearch $pod -- es_util --query=${query} -d ${filter} 2>&1) 46 | echo $result | jq '[.hits.hits[] |{_id: (.["_id"] | split(":")[1]),_type:.["_source"]["type"], _source:._source[._source.type]} ]' 47 | -------------------------------------------------------------------------------- /scripts/fluentd-queue-report: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | cd $(dirname "${BASH_SOURCE[0]}") 5 | source env-prep 6 | 7 | 
usage() { 8 | cat <> debug 2>&1 108 | #oc exec -n $ns $pod -- ls -alrt --time-style=+%s /var/lib/fluentd/ >> debug 2>&1 109 | if ! node=$(oc get pod -n $ns $pod -o jsonpath='{.spec.nodeName}') || test -z "$node" ; then 110 | #echo Warning: could not get node for $pod 111 | node=unknown-$pod 112 | fi 113 | nodetype=$( nodetype $node ) 114 | # output=$( oc exec -n $ns $pod -- ls -alrt --time-style=+%s /var/lib/fluentd/ | awk ' 115 | output=$( oc exec -n $ns $pod -- find /var/lib/fluentd -type f -name \*.log -printf "%s %T@" | awk ' 116 | BEGIN {sum = 0; oldestts = -1; newestts = 0} 117 | { 118 | if (oldestts == -1 || $2 < oldestts) {oldestts = $2} 119 | if ($2 > newestts) {newestts = $2} 120 | sum = sum + $1 121 | } 122 | END {print sum, int(oldestts), int(newestts)}' ) || : 123 | now=$( date +%s ) 124 | sum=$( echo $output | awk '{print $1}' ) 125 | sum=${sum:-0} 126 | oldestts=$( echo $output | awk '{print $2}' ) 127 | newestts=$( echo $output | awk '{print $3}' ) 128 | if [ -z "${oldestts:-}" -o "${oldestts:-'-1'}" = "-1" ] ; then 129 | oldestperpod=0 130 | else 131 | oldestperpod=$(expr $now - $oldestts) || : 132 | fi 133 | if [ -z "${newestts:-}" -o "${newestts:-0}" = "0" ] ; then 134 | newestperpod=0 135 | else 136 | newestperpod=$(expr $now - $newestts) || : 137 | fi 138 | total=$( expr $total + $sum ) || : 139 | if [ -z "${min:-}" -o $sum -lt "${min:-0}" ] ; then 140 | min=$sum 141 | minpod=$pod 142 | minnode=$node 143 | minnodetype=$nodetype 144 | fi 145 | if [ -z "${max:-}" -o $sum -gt "${max:-0}" ] ; then 146 | max=$sum 147 | maxpod=$pod 148 | maxnode=$node 149 | maxnodetype=$nodetype 150 | fi 151 | if [ -z "${oldest:-}" -o $oldestperpod -gt "${oldest:-0}" ] ; then 152 | oldest=$oldestperpod 153 | oldestpod=$pod 154 | oldestnode=$node 155 | oldestnodetype=$nodetype 156 | fi 157 | if [ -z "${newest:-}" -o $newestperpod -lt "${newest:-0}" ] ; then 158 | newest=$newestperpod 159 | newestpod=$pod 160 | newestnode=$node 161 | newestnodetype=$nodetype 162 | fi 
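    # Tail of the per-pod loop of fluentd-queue-report; the loop head is not part
    # of this listing. color and podline are helpers defined outside this fragment.
    podcolor=$( color $oldestperpod )
    case $podcolor in
        green) numgreen=$(expr $numgreen + 1) ;;
        yellow) numyellow=$(expr $numyellow + 1) ;;
        red) numred=$(expr $numred + 1) ;;
    esac

    if [ "${PER_POD:-false}" = true ] ; then
        podline $podcolor $oldestperpod $newestperpod $sum $pod $nodetype $node
    fi
    num=$( expr $num + 1 )
done
echo ""
echo SUMMARY
echo ""
summary() {
    printf "%-26s %4.4s %3.3s %6.6s %5.5s %6.6s %10.10s %10.10s %10.10s\n" "$@"
}
summary TIME PODS RED YELLOW GREEN OLDEST TOTAL_SIZE LARGEST AVERAGE
# NOTE(review): num is incremented once per pod in the loop above; its start
# value is not visible here. If it is still 0, the expr division below fails.
summary $(date -Isec) $num $numred $numyellow $numgreen $oldest $total $max $(expr $total / $num)

echo ""

detail() {
    printf "%-7s buffer file was on %-3s %-21s %-4s %-7s %s\n" "$@"
}
detail OLDEST pod $oldestpod node $oldestnodetype $oldestnode
detail LARGEST pod $maxpod node $maxnodetype $maxnode

--------------------------------------------------------------------------------
/scripts/get-cluster-settings:
--------------------------------------------------------------------------------
#!/bin/bash

## https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-get-settings.html

# Print the cluster settings, defaults included, from inside the Elasticsearch pod.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

oc exec -n "$LOGGING_NS" -c elasticsearch "$pod" -- es_util --query='_cluster/settings?include_defaults=true&pretty'

--------------------------------------------------------------------------------
/scripts/get-node-infra-info:
--------------------------------------------------------------------------------
#!/bin/bash

# List every node labelled node-role.kubernetes.io/infra=true with its instance type.
# The directory change is done once: a second cd with a relative BASH_SOURCE
# would be resolved against the directory the first cd already entered.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

echo "node instance type"
# The jsonpath expressions are quoted so that the shell passes '[*]' and the
# escaped dots through unchanged instead of treating them as patterns.
for n in $(oc get nodes -l node-role.kubernetes.io/infra=true -o 'jsonpath={.items[*].metadata.name}'); do
    instance_type=$(oc get node "$n" -o 'jsonpath={.metadata.labels.beta\.kubernetes\.io/instance-type}')
    echo "$n $instance_type"
done

--------------------------------------------------------------------------------
/scripts/health:
--------------------------------------------------------------------------------
#!/bin/bash -e

# Run the 'health' command inside the Elasticsearch container.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

oc exec -n "$LOGGING_NS" -c elasticsearch "$pod" -- health

--------------------------------------------------------------------------------
/scripts/images:
--------------------------------------------------------------------------------
#!/bin/bash

# Print the distinct 'image:' lines of the deployments, daemonsets, cronjobs and
# pods in the logging namespace.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep
echo "Deployments"
echo "----"
oc get deployments -n "$LOGGING_NS" -o yaml | grep image: | sort | uniq

echo "Daemonsets"
echo "----"
oc get ds -n "$LOGGING_NS" -o yaml | grep image: | sort | uniq

echo "Cronjobs"
echo "----"
oc get cronjobs -n "$LOGGING_NS" -o yaml | grep image: | sort | uniq

echo "Pods"
echo "----"
for p in $(oc get pods -n "$LOGGING_NS" -o 'jsonpath={.items[*].metadata.name}'); do
    echo "$p : $(oc get pod "$p" -n "$LOGGING_NS" -o yaml | grep image: | sort | uniq)"
done


--------------------------------------------------------------------------------
/scripts/import-cluster-logging-kibana-ui-objects:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# Load the packaged Kibana UI objects into the Kibana index of one user.
#   $1  user name; 'admin' additionally receives the admin objects

set -euo pipefail

# if [ -n "${DEBUG:-}" -o $loglevelint = 7 ] ; then
# set -x
# curl_output() {
# python -mjson.tool
# }
# else
# curl_output() {
# cat > /dev/null 2>&1
# }
# fi

function usage() {
    echo
    echo Usage: $0 user-name
    echo The kibana index for the given user must already exist
    echo And assumes Elasticsearch is configured to have a unique
    echo Kibana index for each user.
    echo
}
if [ -z "${1:-}" ] ; then
    usage
    exit 1
fi

# The object files and helper scripts below are addressed relative to the
# scripts directory, so enter it first, as the sibling scripts do.
cd "$(dirname "${BASH_SOURCE[0]}")"

IMPORT_FILE="../files/user-kibana-objects.json"

username=$1
if [ "$username" == "admin" ] ; then
    echo Populating admin templates for 'admin' tenant
    username=admin
    IMPORT_FILE="$IMPORT_FILE ../files/admin-kibana-objects.json"
fi
kibindex=$( ./kibana-index-name "$username" )

# es-query is a sibling script; the options ask it for the HTTP status only.
resp_code=$( ./es-query "$kibindex" \
    --request HEAD --head --output /dev/null \
    -w '%{response_code}' )

if [ "$resp_code" != 200 ] ; then
    echo Could not find kibana index \"$kibindex\" for user \"$1\": $resp_code
    exit 1
fi

# The rendered files go into a private directory made by mktemp. A fixed name
# under /tmp can be pre-created by another local user, as a symlink or as a file
# they can rewrite before the import reads it. The directory is removed on exit.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

echo Adding Kibana dashboards and other UI objects for user \"$1\" index \"$kibindex\"
for f in $IMPORT_FILE; do
    targetName=$workdir/$(basename "$f")
    ip_uuid=$(uuidgen)
    search_uuid=$(uuidgen)
    search_uuid_2=$(uuidgen)
    vis_1_uuid=$(uuidgen)
    vis_2_uuid=$(uuidgen)
    # $SEARCH_UUID_2 is substituted before $SEARCH_UUID: the shorter name is a
    # prefix of the longer one, so the other order rewrites the longer
    # placeholder to "<search_uuid>_2" and its own substitution never matches.
    sed -e "s/\$OBJECT_UUID/$ip_uuid/g" \
        -e "s/\$SEARCH_UUID_2/$search_uuid_2/g" \
        -e "s/\$SEARCH_UUID/$search_uuid/g" \
        -e "s/\$VIS_1_UUID/$vis_1_uuid/g" \
        -e "s/\$VIS_2_UUID/$vis_2_uuid/g" \
        -e "s/\$DASHBOARD_UID/$(uuidgen)/g" \
        "$f" > "$targetName"
    ./import-kibana-objects "$username" "$targetName"
done
--------------------------------------------------------------------------------
/scripts/import-kibana-objects:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Bulk-index an exported Kibana objects file into the Kibana index of one user.
#   $1  user name, or the literal '$$kibana' for the shared '.kibana' index
#   $2  JSON file to import; a relative path is resolved against the scripts
#       directory because of the cd below
#
# Existing objects with the same type and id are overwritten, so the file should
# come from a source whose content has been reviewed.

set -eo pipefail

function usage() {
cat << EOF

Import kibana objects to the kibana index for the given user. NOTE: This script
overwrites/updates any objects of the same type and id

usage:
$0

username The username from which to determine the kibana index
objects_json An exported JSON from the export script or Kibana

EOF
exit "1"
}

cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

# Both arguments are required; without the file the import has nothing to read.
if [ -z "${1:-}" ] || [ -z "${2:-}" ] ; then
    usage
fi

username=$1
file=$2

# The helper is run as ./kibana-index-name: after the cd above a path built from
# dirname "$0" no longer resolves when the script was started via a relative path.
if [ "$username" == '$$kibana' ] ; then
    kibindex=.kibana
else
    kibindex=$(./kibana-index-name "$username")
fi

query="${kibindex}/_bulk"
# The Python step rewrites the exported array into bulk format: one action line
# with the id "<type>:<id>" followed by one document line per object.
response=$(python -c '
import sys
import json
obj = json.load(sys.stdin)
for doc in obj:
    hdr = {"index":{"_type":"doc", "_id": doc["_type"]+":"+doc["_id"]}}
    json.dump(hdr, sys.stdout)
    sys.stdout.write("\n")
    line = {"type": doc["_type"], }
    line[doc["_type"]] = doc["_source"]
    json.dump(line, sys.stdout)
    sys.stdout.write("\n")
' < "$file" | oc -n "${LOGGING_NS}" exec -i -c elasticsearch "$pod" -- es_util --query="${query}" -XPOST --data-binary @-
)

# Print the whole response when Elasticsearch reports errors, "Success" otherwise.
# The quoted printf hands the response to Python without word splitting or globbing.
printf '%s\n' "$response" | python -c '
import sys
import json
obj = json.load(sys.stdin)
if obj["errors"]:
    sys.stdout.write(json.dumps(obj, indent=4))
    sys.stdout.write("\n")
else:
    sys.stdout.write("Success")
'

--------------------------------------------------------------------------------
/scripts/indices:
--------------------------------------------------------------------------------
#!/bin/bash -e

# Run the 'indices' command inside the Elasticsearch container.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

oc exec -n "$LOGGING_NS" -c elasticsearch "$pod" -- indices

--------------------------------------------------------------------------------
/scripts/kibana-index-name:
--------------------------------------------------------------------------------
#!/bin/env python
# -*- coding: utf-8 -*-
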
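'''
OD toUserIndexName()
originalKibanaIndex+"_"+tenant.hashCode()+"_"+tenant.toLowerCase().replaceAll("[^a-z0-9]+",EMPTY_STRING);
'''

import sys,re

username = sys.argv[1]
def java_string_hashcode(s):
    """Return the value of Java's String.hashCode() for s as a signed 32-bit int.

    https://stackoverflow.com/questions/22845913/function-to-replicate-the-output-of-java-lang-string-hashcode-in-python-and-no

    Java hashes UTF-16 code units, so the string is walked two bytes at a time
    over its UTF-16 encoding. Hashing UTF-8 bytes gives the same result only for
    ASCII names; for any other name it yields a different index name than the
    Java formula quoted at the top of this file.
    """
    if isinstance(s, bytes):
        # Python 2 hands argv over as bytes; decode before re-encoding.
        s = s.decode('utf8')
    # bytearray yields integers on both Python 2 and Python 3
    units = bytearray(s.encode('utf-16-be'))
    h = 0
    for i in range(0, len(units), 2):
        c = (units[i] << 8) | units[i + 1]
        # wrap to a signed 32-bit value after every step, as Java int arithmetic does
        h = int((((31 * h + c) ^ 0x80000000) & 0xFFFFFFFF) - 0x80000000)
    return h

hashCode = java_string_hashcode(username)
print(".kibana_" + str(hashCode) + "_" + re.sub("[^a-z0-9]","",username.lower()))

--------------------------------------------------------------------------------
/scripts/node-log-rate:
--------------------------------------------------------------------------------
#!/bin/bash

set -euo pipefail

cd $(dirname "${BASH_SOURCE[0]}")
source env-prep

DEBUG=${DEBUG:-false}
ns=${LOGGING_NS:-openshift-logging}
INTERVAL=${INTERVAL:-30}
# INTERVAL is spliced into a command string that 'oc exec' runs through bash -c
# inside the pods, and it is the divisor of the rates computed at the end, so
# only a positive integer is accepted.
case "$INTERVAL" in
    ''|*[!0-9]*) echo "INTERVAL must be a positive integer: $INTERVAL" >&2 ; exit 1 ;;
esac
if [ "$INTERVAL" -le 0 ] ; then
    echo "INTERVAL must be a positive integer: $INTERVAL" >&2
    exit 1
fi
SORTCOLUMN=${SORTCOLUMN:-1}
SORTFLAGS="-n"
if [ $SORTCOLUMN -gt 6 ] ; then
    SORTFLAGS=""
fi

usage() {
    # NOTE(review): the line numbering of this listing jumps from 18 to 99 here, so
    # the usage text, the helper functions and the head of gather_node_stats are
    # missing; the next line is the damaged remnant and is kept as found.
    cat < $workdir/f-pod-node 2>&1
    # One background job per pod in the list: count journal records and bytes of
    # the last INTERVAL seconds inside the pod.
    while read pod node ; do
        oc -n $ns exec $pod -- bash -c 'journalctl -m -a -o export -S "'$INTERVAL' seconds ago" | awk "/^\$/ {recs += 1}; {bytes += length(\$0)}; END {print recs,bytes}"' > $workdir/${ns}_${pod}_${node}_journal.out 2> $workdir/${pod}_${node}_journal.err &
    done < $workdir/f-pod-node

    # One background job per pod of every namespace: run the container logs of
    # the last INTERVAL seconds through wc.
    oc get pods --all-namespaces --template '{{range .items}} {{print .metadata.namespace " " .metadata.name " " .spec.nodeName "\n"}} {{end}}' > $workdir/ns-pod-node 2>&1
    while read podns pod node ; do
        oc -n $podns logs --all-containers --pod-running-timeout=1s --since=${INTERVAL}s $pod | wc > $workdir/${podns}_${pod}_${node}_file.out 2> $workdir/${podns}_${pod}_${node}_file.err &
    done < $workdir/ns-pod-node
    wait

    totjrecs=0; totjbytes=0; totfrecs=0; totfbytes=0; totrecs=0; totbytes=0
    declare -A nodebytes noderecs nodejbytes nodejrecs nodefbytes nodefrecs nodetypes
    # The result file names encode namespace, pod, node and source type separated
    # by '_'; split them back and add the counts up per node and in total.
    for file in $workdir/*.out ; do
        local basename=$( basename $file .out )
        read podns pod node ftype <<<$( echo $basename | sed 's/_/ /g' )
        local nodetype=$( nodetype $node )
        nodetypes[$node]=$nodetype
        local recs=0 words=0 bytes=0
        if [ "$ftype" = file ] ; then
            if [ -s $file ] ; then
                read recs words bytes < $file
            fi
            nodefbytes[$node]=$(( ${nodefbytes[$node]:-0} + bytes )) || :
            nodefrecs[$node]=$(( ${nodefrecs[$node]:-0} + recs )) || :
            totfbytes=$(( totfbytes + bytes )) || :
            totfrecs=$(( totfrecs + recs )) || :
        else
            if [ -s $file ] ; then
                read recs bytes < $file
            fi
            nodejbytes[$node]=$(( ${nodejbytes[$node]:-0} + bytes )) || :
            nodejrecs[$node]=$(( ${nodejrecs[$node]:-0} + recs )) || :
            totjbytes=$(( totjbytes + bytes )) || :
            totjrecs=$(( totjrecs + recs )) || :
        fi
        nodebytes[$node]=$(( ${nodebytes[$node]:-0} + bytes )) || :
        noderecs[$node]=$(( ${noderecs[$node]:-0} + recs )) || :
        totbytes=$(( totbytes + bytes )) || :
        totrecs=$(( totrecs + recs )) || :
    done
    if [ "${PER_NODE:-false}" = true ] ; then
        nodeheader
        for node in ${!nodebytes[@]} ; do
            nodeline ${nodebytes[$node]} ${noderecs[$node]} ${nodejbytes[$node]:-0} ${nodejrecs[$node]:-0} ${nodefbytes[$node]} ${nodefrecs[$node]} ${nodetypes[$node]} $node
        done | sort -b $SORTFLAGS -k $SORTCOLUMN
    fi
    totnodes=${#nodebytes[@]}
}

# Results are collected in a private mktemp directory that is removed on exit.
workdir=$( mktemp -d )
trap "rm -rf ${workdir:-/var/tmp/nosuchdir}" EXIT

gather_node_stats
totbyterate=$(( totbytes / INTERVAL ))
totrecrate=$(( totrecs / INTERVAL ))
# No records in the interval would otherwise abort the script with a division by zero.
avgrecsize=$(( totrecs > 0 ? totbytes / totrecs : 0 ))
jbyterate=$(( totjbytes / INTERVAL ))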
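# Remaining rates and the totals line of node-log-rate; totheader and totline
# are helpers defined outside this fragment.
jrecrate=$(( totjrecs / INTERVAL ))
fbyterate=$(( totfbytes / INTERVAL ))
frecrate=$(( totfrecs / INTERVAL ))
echo ""
echo total nodes: $totnodes
echo average record size in bytes in the past $INTERVAL seconds: $avgrecsize
totheader
totline $(date -Isec) $totbyterate $totrecrate $jbyterate $jrecrate $fbyterate $frecrate

--------------------------------------------------------------------------------
/scripts/open-indice:
--------------------------------------------------------------------------------
#!/bin/bash
# This script opens the given index
# https://www.elastic.co/guide/en/elasticsearch/reference/5.6/indices-open-close.html
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

# Without an index name the request path would be just "/_open", so require it.
index=${1:-}
if [ -z "$index" ] ; then
    echo "Usage: $0 index" >&2
    exit 1
fi

oc -n "$LOGGING_NS" exec -c elasticsearch "$pod" -- es_util --query="$index/_open"

--------------------------------------------------------------------------------
/scripts/peg-index-to-node:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# This script pegs a specific index to a given node
#
# peg-index-to-node $pod $index $es_node

cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

if [ -z "${1:-}" ] || [ -z "${2:-}" ] || [ -z "${3:-}" ] ; then
    echo "Usage: $0 pod index es_node" >&2
    exit 1
fi

# The first argument replaces any pod value that env-prep may have set.
pod=$1
index=$2
node=$3

# The node name is placed inside a JSON string below; a quote or backslash in it
# would change the settings document that is sent, so such names are refused.
case "$node" in
    *[\"\\]*) echo "node name must not contain quotes or backslashes" >&2 ; exit 1 ;;
esac

oc -n "${LOGGING_NS}" -c elasticsearch exec "${pod}" -- es_util --query="${index}/_settings" -XPUT -d "{\"index.routing.allocation.include._name\": \"${node}\"}"

--------------------------------------------------------------------------------
/scripts/pods:
--------------------------------------------------------------------------------
#!/bin/bash -e

# List the pods of the logging namespace, optionally limited to one component.
#   $1  optional value for the 'component' label selector

cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

component=${1:-}

# The selector is kept in an array so that the component value reaches oc as a
# single word even when it contains spaces or pattern characters.
selector=()
if [ -n "$component" ] ; then
    selector=(-l "component=${component}")
fi

oc -n "${LOGGING_NS}" get pods "${selector[@]}"
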
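--------------------------------------------------------------------------------
/scripts/set-cluster-performance-options:
--------------------------------------------------------------------------------
#!/bin/bash

# Apply a fixed set of recovery and rebalancing settings through the sibling
# script set-cluster-setting. That script is addressed as ./set-cluster-setting,
# so enter the scripts directory first, as the other scripts do.
cd "$(dirname "${BASH_SOURCE[0]}")"

./set-cluster-setting indices.recovery.max_bytes_per_sec 150mb;

./set-cluster-setting cluster.routing.allocation.cluster_concurrent_rebalance 50;

./set-cluster-setting cluster.routing.allocation.node_initial_primaries_recoveries 15;

./set-cluster-setting cluster.routing.allocation.node_concurrent_incoming_recoveries 50;
./set-cluster-setting cluster.routing.allocation.node_concurrent_outgoing_recoveries 50;
./set-cluster-setting cluster.routing.allocation.node_concurrent_recoveries 50;

--------------------------------------------------------------------------------
/scripts/set-cluster-setting:
--------------------------------------------------------------------------------
#!/bin/bash

## https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-update-settings.html

# Set one cluster setting.
#   $1       setting key
#   $2       value; default, null, none or None resets the setting
#   PERSIST  environment variable, transient (default) or persistent

cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep
PERSIST=${PERSIST:-"transient"}

commandusage() {
    echo "Usage: ${0} key value"
    echo "Example: ${0} cluster.routing.allocation.node_concurrent_incoming_recoveries 50"
    exit 1 # error
}

settingkey=${1:-}
if [ -z "${settingkey}" ] ; then
    commandusage
fi

settingvalue=${2:-}
if [ -z "${settingvalue}" ] ; then
    commandusage
fi

# PERSIST, the key and the value are spliced into a JSON document below. Only
# the two section names of the settings API are accepted, and quotes or
# backslashes in key or value are refused because they would change the
# structure of the document that is sent.
case "${PERSIST}" in
    transient|persistent) ;;
    *) echo "PERSIST must be transient or persistent" >&2 ; exit 1 ;;
esac
case "${settingkey}${settingvalue}" in
    *[\"\\]*) echo "key and value must not contain quotes or backslashes" >&2 ; exit 1 ;;
esac

# Find requests to default the value
if [ "${settingvalue}" == "default" ] \
    || [ "${settingvalue}" == "null" ] \
    || [ "${settingvalue}" == "none" ] \
    || [ "${settingvalue}" == "None" ] ; then
    settingvalue="null"
else
    # quote the value
    settingvalue="\"${settingvalue}\""
fi

echo "${settingkey}" "${settingvalue}"
oc exec -n "$LOGGING_NS" -c elasticsearch "$pod" -- es_util --query=_cluster/settings -XPUT -d "{\"${PERSIST}\":{\"${settingkey}\":${settingvalue}}}"
echo # extra new line because es_util doesn't add one

--------------------------------------------------------------------------------
/scripts/unassigned:
--------------------------------------------------------------------------------
#!/bin/bash

# List the shards whose state is UNASSIGNED, with the reason column.
cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

# The query is quoted because '?' is a shell pattern character.
oc exec -c elasticsearch -n "$LOGGING_NS" "$pod" -- es_util --query='_cat/shards?h=index,shard,prirep,state,unassigned.reason' | grep UNASSIGNED

--------------------------------------------------------------------------------
/scripts/view-es-permissions:
--------------------------------------------------------------------------------
#!/usr/bin/bash
# This script displays the current set of SearchGuard permissions
#
# must have access to logging project. The inputs are:
# pod An Elasticsearch pod name

cd "$(dirname "${BASH_SOURCE[0]}")"
source env-prep

# Fetch the three ACL documents from the Elasticsearch pod.
roles=$(oc -n "$LOGGING_NS" exec -c elasticsearch "$pod" -- es_acl get --doc=roles)
mappings=$(oc -n "$LOGGING_NS" exec -c elasticsearch "$pod" -- es_acl get --doc=rolesmapping)
actions=$(oc -n "$LOGGING_NS" exec -c elasticsearch "$pod" -- es_acl get --doc=actiongroups)

# The block indentation of the embedded Python below is reconstructed from its
# syntax; the listing it was taken from had lost it.
read -r -d '' SCRIPT << "EOF"
import json,sys

roles=json.loads(sys.argv[1])
mappings=json.loads(sys.argv[2])
actions=json.loads(sys.argv[3])

def permissions(name,perms=None):
    # Expand an action group into its member permissions, collecting them in perms.
    # A new set is made per call when none is passed; a set() default in the
    # signature would be shared between calls.
    if perms is None:
        perms = set()
    if name in actions:
        for a in actions[name]:
            if a in actions and a not in perms:
                # the recursion adds into the same set, its return value is not needed
                permissions(a,perms)
            else:
                perms.add(a)
        return perms
    perms.add(name)
    return perms

def printPermissions(perms):
    # Print the sorted, expanded actions of every permission in perms.
    for perm in perms:
        roleActions = set()
        permissions(perm, roleActions)
        for action in sorted(roleActions):
            print(" |-" + action)

for role in mappings:
    for mtype, users in mappings[role].items():
        if mtype in ['users','backendroles']:
            for user in users:
                print("")
                print(user)
                if role in roles:
                    perms = roles[role]
                    for ptype, pset in perms.items():
                        if 'cluster' == ptype:
                            print(" |--- cluster:")
                            printPermissions(pset)
                        if 'indices' == ptype:
                            print(" |- indices:")
                            for index, docperms in pset.items():
                                for doc, perms in docperms.items():
                                    print(" |-" + index + "/" + doc)
                                    if doc == '_dls_':
                                        print(" |-" + perms)
                                    else:
                                        printPermissions(perms)
                else:
                    print("[WARN] role not found for rolemapping:" + role)

EOF

# NOTE(review): the three ACL documents are passed as command-line arguments, so
# they appear in the process list of the machine running this script while
# Python runs, and very large documents can exceed the argument size limit.
python -c "$SCRIPT" "$roles" "$mappings" "$actions"


--------------------------------------------------------------------------------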