Many updates, sample play, and sample dashboard for kibana

049f04b3 · Carson Gee · a19470df · 049f04b3 · 049f04b3 · 049f04b3
Commit 049f04b3 authored Mar 19, 2014 by Carson Gee
8 changed files
--- a/playbooks/log_server.yml
+++ b/playbooks/log_server.yml
+---
+# Build a kibana/logstash/elasticsearch server for capturing and
+# analyzing logs.
+- name: Configure syslog server
+  hosts: all
+  sudo: yes
+  roles:
+    - common
+    - oraclejdk
+    - elasticsearch
+    - logstash
+    - kibana
+    - role: nginx
+      nginx_sites:
+        - kibana
--- a/playbooks/roles/kibana/defaults/main.yml
+++ b/playbooks/roles/kibana/defaults/main.yml
 ---
-KIBANA_SERVER_NAME: log.example.com
+KIBANA_SERVER_NAME: "192.168.33.10"
 KIBANA_NGINX_PORT: 80
 KIBANA_SSL_NGINX_PORT: 443


--- a/playbooks/roles/kibana/files/sample_dashboard.json
+++ b/playbooks/roles/kibana/files/sample_dashboard.json
+{
+  "title": "edX Log Analysis",
+  "services": {
+    "query": {
+      "idQueue": [],
+      "list": {
+        "0": {
+          "query": "@message: WARNING",
+          "alias": "",
+          "color": "#EAB839",
+          "id": 0,
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "1": {
+          "id": 1,
+          "color": "#7EB26D",
+          "query": "@message: INFO",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "2": {
+          "id": 2,
+          "color": "#BF1B00",
+          "query": "@message: ERROR",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        },
+        "3": {
+          "id": 3,
+          "color": "#F9D9F9",
+          "query": "*",
+          "alias": "",
+          "pin": false,
+          "type": "lucene",
+          "enable": true
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2,
+        3
+      ]
+    },
+    "filter": {
+      "idQueue": [
+        1,
+        2,
+        3
+      ],
+      "list": {
+        "0": {
+          "type": "time",
+          "field": "@timestamp",
+          "from": "now-1h",
+          "to": "now",
+          "mandate": "must",
+          "active": true,
+          "alias": "",
+          "id": 0
+        },
+        "1": {
+          "type": "querystring",
+          "query": "*pika*",
+          "mandate": "mustNot",
+          "active": true,
+          "alias": "",
+          "id": 1
+        },
+        "2": {
+          "type": "querystring",
+          "query": "*connectionpool*",
+          "mandate": "mustNot",
+          "active": true,
+          "alias": "",
+          "id": 3
+        }
+      },
+      "ids": [
+        0,
+        1,
+        2
+      ]
+    }
+  },
+  "rows": [
+    {
+      "title": "Graph",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "histogram",
+          "mode": "count",
+          "time_field": "@timestamp",
+          "value_field": null,
+          "auto_int": true,
+          "resolution": 100,
+          "interval": "30s",
+          "fill": 3,
+          "linewidth": 3,
+          "timezone": "browser",
+          "spyable": true,
+          "zoomlinks": true,
+          "bars": false,
+          "stack": true,
+          "points": false,
+          "lines": true,
+          "legend": true,
+          "x-axis": true,
+          "y-axis": true,
+          "percentage": false,
+          "interactive": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "title": "Events over time",
+          "intervals": [
+            "auto",
+            "1s",
+            "1m",
+            "5m",
+            "10m",
+            "30m",
+            "1h",
+            "3h",
+            "12h",
+            "1d",
+            "1w",
+            "1M",
+            "1y"
+          ],
+          "options": true,
+          "tooltip": {
+            "value_type": "cumulative",
+            "query_as_alias": true
+          },
+          "scale": 1,
+          "y_format": "none",
+          "grid": {
+            "max": null,
+            "min": 0
+          },
+          "annotate": {
+            "enable": false,
+            "query": "*",
+            "size": 20,
+            "field": "_type",
+            "sort": [
+              "_score",
+              "desc"
+            ]
+          },
+          "pointradius": 5,
+          "show_query": true,
+          "legend_counts": true,
+          "zerofill": true,
+          "derivative": false
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Charts",
+      "height": "250px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 4,
+          "editable": true,
+          "type": "hits",
+          "loadingEditor": false,
+          "query": {
+            "field": "syslog_severity",
+            "goal": 100
+          },
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "size": 10,
+          "exclude": [],
+          "donut": true,
+          "tilt": true,
+          "legend": "above",
+          "labels": true,
+          "mode": "terms",
+          "default_field": "DEFAULT",
+          "spyable": true,
+          "title": "Log Severity",
+          "style": {
+            "font-size": "10pt"
+          },
+          "arrangement": "horizontal",
+          "chart": "pie",
+          "counter_pos": "above"
+        },
+        {
+          "span": 4,
+          "editable": true,
+          "type": "hits",
+          "loadingEditor": false,
+          "query": {
+            "field": "@source_host",
+            "goal": 100
+          },
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "size": 10,
+          "exclude": [],
+          "donut": true,
+          "tilt": true,
+          "legend": "above",
+          "labels": true,
+          "mode": "terms",
+          "default_field": "DEFAULT",
+          "spyable": true,
+          "title": "Logs by Host",
+          "style": {
+            "font-size": "10pt"
+          },
+          "arrangement": "horizontal",
+          "chart": "pie",
+          "counter_pos": "above"
+        },
+        {
+          "span": 4,
+          "editable": true,
+          "type": "hits",
+          "loadingEditor": false,
+          "style": {
+            "font-size": "10pt"
+          },
+          "arrangement": "horizontal",
+          "chart": "pie",
+          "counter_pos": "above",
+          "donut": true,
+          "tilt": true,
+          "labels": true,
+          "spyable": true,
+          "queries": {
+            "mode": "selected",
+            "ids": [
+              0,
+              1,
+              2
+            ]
+          },
+          "title": "Percent by Python Severity"
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Trends",
+      "height": "50px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "span": 4,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "style": {
+            "font-size": "14pt"
+          },
+          "ago": "1h",
+          "arrangement": "vertical",
+          "spyable": true,
+          "title": "Hourly"
+        },
+        {
+          "span": 4,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "style": {
+            "font-size": "14pt"
+          },
+          "ago": "1d",
+          "arrangement": "vertical",
+          "spyable": true,
+          "title": "Daily"
+        },
+        {
+          "span": 4,
+          "editable": true,
+          "type": "trends",
+          "loadingEditor": false,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "style": {
+            "font-size": "14pt"
+          },
+          "ago": "1w",
+          "arrangement": "vertical",
+          "spyable": true,
+          "title": "Weekly"
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Error Events",
+      "height": "550px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "type": "table",
+          "loadingEditor": false,
+          "status": "Stable",
+          "queries": {
+            "mode": "selected",
+            "ids": [
+              2
+            ]
+          },
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "group": "default",
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [
+            "@timestamp",
+            "@source_host",
+            "message"
+          ],
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "field_list": true,
+          "all_fields": false,
+          "trimFactor": 300,
+          "normTimes": true,
+          "spyable": true,
+          "title": "Errors",
+          "localTime": false,
+          "timeField": "@timestamp"
+        }
+      ],
+      "notice": false
+    },
+    {
+      "title": "Events",
+      "height": "350px",
+      "editable": true,
+      "collapse": false,
+      "collapsable": true,
+      "panels": [
+        {
+          "title": "All events",
+          "error": false,
+          "span": 12,
+          "editable": true,
+          "group": [
+            "default"
+          ],
+          "type": "table",
+          "size": 100,
+          "pages": 5,
+          "offset": 0,
+          "sort": [
+            "@timestamp",
+            "desc"
+          ],
+          "style": {
+            "font-size": "9pt"
+          },
+          "overflow": "min-height",
+          "fields": [
+            "@source_host",
+            "message"
+          ],
+          "highlight": [],
+          "sortable": true,
+          "header": true,
+          "paging": true,
+          "spyable": true,
+          "queries": {
+            "mode": "all",
+            "ids": [
+              0,
+              1,
+              2,
+              3
+            ]
+          },
+          "field_list": true,
+          "status": "Stable",
+          "trimFactor": 300,
+          "normTimes": true,
+          "all_fields": false,
+          "localTime": false,
+          "timeField": "@timestamp"
+        }
+      ],
+      "notice": false
+    }
+  ],
+  "editable": true,
+  "failover": false,
+  "index": {
+    "interval": "day",
+    "pattern": "[logstash-]YYYY.MM.DD",
+    "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED",
+    "warm_fields": true
+  },
+  "style": "dark",
+  "panel_hints": true,
+  "pulldowns": [
+    {
+      "type": "query",
+      "collapse": false,
+      "notice": false,
+      "query": "*",
+      "pinned": true,
+      "history": [
+        "*",
+        "@message: ERROR",
+        "@message: INFO",
+        "@message: WARNING",
+        "@message: WARN",
+        "*corresponding*",
+        "@message: INFO OR syslog_severity: info",
+        "@message: INFO OR @log_severity: info",
+        "ERROR",
+        "WARNING"
+      ],
+      "remember": 10,
+      "enable": true
+    },
+    {
+      "type": "filtering",
+      "collapse": true,
+      "notice": false,
+      "enable": true
+    }
+  ],
+  "nav": [
+    {
+      "type": "timepicker",
+      "collapse": false,
+      "notice": false,
+      "status": "Stable",
+      "time_options": [
+        "5m",
+        "15m",
+        "1h",
+        "6h",
+        "12h",
+        "24h",
+        "2d",
+        "7d",
+        "30d"
+      ],
+      "refresh_intervals": [
+        "5s",
+        "10s",
+        "30s",
+        "1m",
+        "5m",
+        "15m",
+        "30m",
+        "1h",
+        "2h",
+        "1d"
+      ],
+      "timefield": "@timestamp",
+      "now": true,
+      "filter_id": 0,
+      "enable": true
+    }
+  ],
+  "loader": {
+    "save_gist": false,
+    "save_elasticsearch": true,
+    "save_local": true,
+    "save_default": true,
+    "save_temp": true,
+    "save_temp_ttl_enable": true,
+    "save_temp_ttl": "30d",
+    "load_gist": true,
+    "load_elasticsearch": true,
+    "load_elasticsearch_size": 20,
+    "load_local": true,
+    "hide": false
+  },
+  "refresh": "1m"
+}
\ No newline at end of file
--- a/playbooks/roles/kibana/meta/default.yml
+++ b/playbooks/roles/kibana/meta/default.yml
+---
+dependencies:
+  - common
+  - nginx
--- a/playbooks/roles/kibana/templates/config.js.j2
+++ b/playbooks/roles/kibana/templates/config.js.j2
@@ -19,7 +19,15 @@ function (Settings) {
     * @type {String}
     */
    //elasticsearch: "http://"+window.location.hostname+":9200",
-	  elasticsearch: "https://{{ kibana_server_name }}/e",
+	{% if NGINX_ENABLE_SSL %}
+
+	  elasticsearch: "https://{{ KIBANA_SERVER_NAME }}/e",
+
+	{% else %}
+
+	  elasticsearch: "http://{{ KIBANA_SERVER_NAME }}/e",
+
+	{% endif %}

    /**
     * The default ES index to use for storing Kibana specific object
@@ -36,20 +44,19 @@ function (Settings) {
    panel_names: [
      'histogram',
      'map',
-      'pie',
      'table',
      'filtering',
      'timepicker',
      'text',
-      'fields',
      'hits',
-      'dashcontrol',
      'column',
-      'derivequeries',
      'trends',
      'bettermap',
      'query',
-      'terms'
+      'terms',
+	  'stats',
+	  'sparklines',
+	  'goal',
    ]
  });
 });
--- a/playbooks/roles/kibana/templates/kibana.j2
+++ b/playbooks/roles/kibana/templates/kibana.j2
-server {
-  listen 80;
-  server_name {{ kibana_server_name }};
-  root {{ kibana_app_dir }}/htdocs;
-
-  # Set image format types to expire in a very long time
-  location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
-      access_log off;
-      expires max;
-  }
-
-  # Set css and js to expire in a very long time
-  location ~* ^.+\.(css|js)$ {
-      access_log off;
-      expires max;
-  }
-
-  # Catchall for everything else
-  location / {
-    root {{ kibana_app_dir }};
-    index index.html;
-    expires 1d;
-    try_files $uri/ $uri;
-    if (-f $request_filename) {
-      break;
-    }
-  }
-}
--- a/playbooks/roles/logstash/meta/default.yml
+++ b/playbooks/roles/logstash/meta/default.yml
+---
+dependencies:
+  - common
+  - elasticsearch
--- a/playbooks/roles/nginx/templates/kibana.j2
+++ b/playbooks/roles/nginx/templates/kibana.j2
+{%- if "kibana" in nginx_default_sites -%}
+  {%- set default_site = "default" -%}
+{%- else -%}
+  {%- set default_site = "" -%}
+{%- endif -%}
+
 upstream elasticsearch_server {
 		 server 127.0.0.1:9200;
 }