Puppet extractor for Graylog

Daniel Schutterop
15-10-2015

Not too long ago I received a question about how hard it would be to log the duration of Puppet runs to Graylog. The answer was pretty straightforward: if your machine is currently logging to a Graylog instance, the information will already be there. By default, the line ‘Finished catalog run in n seconds’ will be present in your logging and at your disposal.

However, it might be easier to use an extractor to format your data while it’s being processed, so I wrote a small extractor for Puppet data in Graylog. Like every extractor, it’s quite easy to import and use.

{
  "extractors": [
    {
      "condition_type": "regex",
      "condition_value": "^.*(puppet-agent\\[\\d[0-9]{0,9}.*\\]: Finished catalog run in (\\d[0-9]{0,9}\\.[0-9]{0,9}) seconds)",
      "converters": [
        {
          "config": {},
          "type": "numeric"
        }
      ],
      "cursor_strategy": "copy",
      "extractor_config": {
        "regex_value": "^.*puppet-agent\\[\\d[0-9]{0,9}.*\\]: Finished catalog run in ((\\d[0-9]{0,9}\\.[0-9]{0,9})) seconds"
      },
      "extractor_type": "regex",
      "order": 0,
      "source_field": "message",
      "target_field": "puppetRunTime",
      "title": "Puppet: Puppet run time"
    },
    {
      "condition_type": "regex",
      "condition_value": "^.*(puppet-agent\\[\\d[0-9]{0,9}.*\\]: Applying configuration version '(\\d[0-9]{0,9})')",
      "converters": [
        {
          "config": {},
          "type": "numeric"
        }
      ],
      "cursor_strategy": "copy",
      "extractor_config": {
        "regex_value": "^.*puppet-agent\\[\\d[0-9]{0,9}.*\\]: Applying configuration version '(\\d[0-9]{0,9})'"
      },
      "extractor_type": "regex",
      "order": 0,
      "source_field": "message",
      "target_field": "puppetConfigVersion",
      "title": "Puppet: Puppet Configuration Version"
    }
  ],
  "version": "0.91.1"
}
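To check the two patterns against your own log lines before importing, the following added example (not part of the original post) applies them to constructed syslog lines. Python's `re` module stands in for Graylog's Java regex engine, and `float`/`int` stand in for the numeric converter; both are assumptions of this example.

```python
import re

# Patterns copied from the extractor JSON above, with the JSON escaping removed.
# "convert" is a stand-in for Graylog's numeric converter (assumption of this example).
EXTRACTORS = [
    {
        "target_field": "puppetRunTime",
        "condition": r"^.*(puppet-agent\[\d[0-9]{0,9}.*\]: Finished catalog run in (\d[0-9]{0,9}\.[0-9]{0,9}) seconds)",
        "regex": r"^.*puppet-agent\[\d[0-9]{0,9}.*\]: Finished catalog run in ((\d[0-9]{0,9}\.[0-9]{0,9})) seconds",
        "convert": float,
    },
    {
        "target_field": "puppetConfigVersion",
        "condition": r"^.*(puppet-agent\[\d[0-9]{0,9}.*\]: Applying configuration version '(\d[0-9]{0,9})')",
        "regex": r"^.*puppet-agent\[\d[0-9]{0,9}.*\]: Applying configuration version '(\d[0-9]{0,9})'",
        "convert": int,
    },
]


def extract(message):
    """Return the fields the two extractors would add to one message."""
    fields = {}
    for ex in EXTRACTORS:
        # An extractor only runs when its condition regex matches the message.
        if not re.search(ex["condition"], message):
            continue
        m = re.search(ex["regex"], message)
        if m:
            # The first capture group becomes the value of target_field.
            fields[ex["target_field"]] = ex["convert"](m.group(1))
    return fields


# Constructed sample lines (host names, PIDs and values are made up).
SAMPLES = [
    "Oct 15 10:02:11 web01 puppet-agent[2314]: Finished catalog run in 12.48 seconds",
    "Oct 15 10:02:01 web01 puppet-agent[2314]: Applying configuration version '1444896121'",
    # No decimal point: the pattern requires "\." so nothing is extracted.
    "Oct 15 10:07:40 web01 puppet-agent[2314]: Finished catalog run in 7 seconds",
    # Non-numeric version string: the pattern only accepts up to ten digits.
    "Oct 15 10:09:03 web01 puppet-agent[2314]: Applying configuration version '3f2a9c1'",
    "Oct 15 10:09:30 web01 sshd[991]: Accepted publickey for deploy",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(extract(line) or "no field extracted", "<-", line)
```
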
