)]}'
{"specs/queens/tripleo-rsyslog-remote-logging.rst":[{"author":{"_account_id":10873,"name":"Juan Antonio Osorio Robles","email":"jaosorior@redhat.com","username":"ejuaoso"},"change_message_id":"3feeafb6105ea5d761e7811794568cba67916acd","unresolved":false,"context_lines":[{"line_number":35,"context_line":"work in detail."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Essentially this comes down to a set of options during the deployment of the"},{"line_number":38,"context_line":"rsyslog logging sidecar container."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff82abbf_a33cf992","line":38,"range":{"start_line":38,"start_character":8,"end_line":38,"end_character":34},"updated":"2017-11-29 15:15:57.000000000","message":"I don\u0027t think this will go to the sidecar containers. But instead what the sidecar containers output will be picked up by another rsyslog container. This would be with the benefit that journald will have already put some nice metadata in the logs.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":22306,"name":"Justin Kilpatrick","email":"jkilpatr@redhat.com","username":"jkilpatr"},"change_message_id":"0af829e823990b0733282729714f20be75749723","unresolved":false,"context_lines":[{"line_number":35,"context_line":"work in detail."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Essentially this comes down to a set of options during the deployment of the"},{"line_number":38,"context_line":"rsyslog logging sidecar container."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff82abbf_3dc78848","line":38,"range":{"start_line":38,"start_character":8,"end_line":38,"end_character":34},"in_reply_to":"ff82abbf_761218b7","updated":"2017-11-30 17:18:39.000000000","message":"ok that\u0027s workable.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":10873,"name":"Juan Antonio Osorio Robles","email":"jaosorior@redhat.com","username":"ejuaoso"},"change_message_id":"a1375507f953823734bb4537c38098bbbd8fa571","unresolved":false,"context_lines":[{"line_number":35,"context_line":"work in detail."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Essentially this comes down to a set of options during the deployment of the"},{"line_number":38,"context_line":"rsyslog logging sidecar container."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff82abbf_761218b7","line":38,"range":{"start_line":38,"start_character":8,"end_line":38,"end_character":34},"in_reply_to":"ff82abbf_764bf85e","updated":"2017-11-30 12:57:20.000000000","message":"so, we for instance, for haproxy:\n\n\u003chaproxy container\u003e -\u003e \u003crsyslog sidecar that fetches logs\u003e\n\nthe logs would get picked up by journald.\n\nthen we would have an rsyslog container that forwards what it gets from journald.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":22306,"name":"Justin Kilpatrick","email":"jkilpatr@redhat.com","username":"jkilpatr"},"change_message_id":"9727c4718766da8a6b28137d1f8723fe17d2bb56","unresolved":false,"context_lines":[{"line_number":35,"context_line":"work in detail."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Essentially this comes down to a set of options during the deployment of the"},{"line_number":38,"context_line":"rsyslog logging sidecar container."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff82abbf_764bf85e","line":38,"range":{"start_line":38,"start_character":8,"end_line":38,"end_character":34},"in_reply_to":"ff82abbf_a33cf992","updated":"2017-11-30 12:29:49.000000000","message":"so we have \u003crsyslog in system process container\u003e -\u003e \u003crsyslog sidecar on machine\u003e -\u003e \u003cremote destination\u003e?","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"34ca7ec61c2da5c5790163bcb5f0e2f0da248d3e","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Remote direct means to go direct to a storage solution, in this case"},{"line_number":43,"context_line":"Elasticsearch or plaintext on the disk. Remote aggregator is a design where"},{"line_number":44,"context_line":"the processing, formatting, and insertion of the logs is a task left to the"},{"line_number":45,"context_line":"aggregator server. Using aggregators it\u0027s possible to scale log collection to"},{"line_number":46,"context_line":"hundreds of overcloud nodes without overwhelming the storage backend with"}],"source_content_type":"text/x-rst","patch_set":1,"id":"df87a7cf_ab456bb5","line":43,"range":{"start_line":42,"start_character":0,"end_line":43,"end_character":38},"updated":"2017-12-04 15:02:34.000000000","message":"Could you please provide an example for how this works for that case given above:\n\n\"\u003chaproxy container\u003e -\u003e \u003crsyslog sidecar that fetches logs\u003e\nthe logs would get picked up by journald.\" -\u003e ?\n\nIs it journald sends its streams to Elasticsearch?\nJust wanted to clarify what exactly we\u0027re proposing.\nThanks!","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"c17b0002ecaa40ed4a6f41df6d1f67682c59d5ec","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Remote direct means to go direct to a storage solution, in this case"},{"line_number":43,"context_line":"Elasticsearch or plaintext on the disk. Remote aggregator is a design where"},{"line_number":44,"context_line":"the processing, formatting, and insertion of the logs is a task left to the"},{"line_number":45,"context_line":"aggregator server. Using aggregators it\u0027s possible to scale log collection to"},{"line_number":46,"context_line":"hundreds of overcloud nodes without overwhelming the storage backend with"}],"source_content_type":"text/x-rst","patch_set":1,"id":"df87a7cf_ce69ddbe","line":43,"range":{"start_line":42,"start_character":0,"end_line":43,"end_character":38},"in_reply_to":"df87a7cf_6b51a336","updated":"2017-12-04 15:13:10.000000000","message":"Could you please clarify why we do not want journald sending streams directly to a remote source? I\u0027d prefer that option as it looks simpler (less components in the chain)","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":10873,"name":"Juan Antonio Osorio Robles","email":"jaosorior@redhat.com","username":"ejuaoso"},"change_message_id":"f7c4a964d429f6c6bea27434ceb510842546f9d3","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Remote direct means to go direct to a storage solution, in this case"},{"line_number":43,"context_line":"Elasticsearch or plaintext on the disk. Remote aggregator is a design where"},{"line_number":44,"context_line":"the processing, formatting, and insertion of the logs is a task left to the"},{"line_number":45,"context_line":"aggregator server. Using aggregators it\u0027s possible to scale log collection to"},{"line_number":46,"context_line":"hundreds of overcloud nodes without overwhelming the storage backend with"}],"source_content_type":"text/x-rst","patch_set":1,"id":"df87a7cf_6b51a336","line":43,"range":{"start_line":42,"start_character":0,"end_line":43,"end_character":38},"in_reply_to":"df87a7cf_ab456bb5","updated":"2017-12-04 15:06:35.000000000","message":"no, journald will log as it usually does, and there will b e an rsyslog instance (different from the sidecars) that will pick up the logs and send it to ElasticSearch.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"6e3fd3d975528c7dcfbabe2c82c42e311c53bfae","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Remote direct means to go direct to a storage solution, in this case"},{"line_number":43,"context_line":"Elasticsearch or plaintext on the disk. Remote aggregator is a design where"},{"line_number":44,"context_line":"the processing, formatting, and insertion of the logs is a task left to the"},{"line_number":45,"context_line":"aggregator server. Using aggregators it\u0027s possible to scale log collection to"},{"line_number":46,"context_line":"hundreds of overcloud nodes without overwhelming the storage backend with"}],"source_content_type":"text/x-rst","patch_set":1,"id":"df87a7cf_476d9530","line":43,"range":{"start_line":42,"start_character":0,"end_line":43,"end_character":38},"in_reply_to":"df87a7cf_c7b8c5c9","updated":"2017-12-05 13:46:07.000000000","message":"that totally makes sense, thank you for clarification!","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":22306,"name":"Justin Kilpatrick","email":"jkilpatr@redhat.com","username":"jkilpatr"},"change_message_id":"6b6aeffc1c981d55e23c4dfc5622c05716b7dfd9","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Logging destination, local, remote direct, or remote aggregator."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Remote direct means to go direct to a storage solution, in this case"},{"line_number":43,"context_line":"Elasticsearch or plaintext on the disk. Remote aggregator is a design where"},{"line_number":44,"context_line":"the processing, formatting, and insertion of the logs is a task left to the"},{"line_number":45,"context_line":"aggregator server. Using aggregators it\u0027s possible to scale log collection to"},{"line_number":46,"context_line":"hundreds of overcloud nodes without overwhelming the storage backend with"}],"source_content_type":"text/x-rst","patch_set":1,"id":"df87a7cf_c7b8c5c9","line":43,"range":{"start_line":42,"start_character":0,"end_line":43,"end_character":38},"in_reply_to":"df87a7cf_ce69ddbe","updated":"2017-12-05 13:39:12.000000000","message":"so the diagram here is \u003crsyslog in process container\u003e -\u003e \u003cjournald\u003e -\u003e \u003crsyslog container\u003e -\u003e \u003coutside world / elasticsearch\u003e\n\nWe want to have rsyslog in this loop because it\u0027s programmable and formats the logs for us as well as handling inserts into ES. Journald isn\u0027t that flexible.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":10873,"name":"Juan Antonio Osorio Robles","email":"jaosorior@redhat.com","username":"ejuaoso"},"change_message_id":"3feeafb6105ea5d761e7811794568cba67916acd","unresolved":false,"context_lines":[{"line_number":76,"context_line":""},{"line_number":77,"context_line":"Additional fields must be added in the format of"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"\u003csubject\u003e.\u003csubfield name\u003e"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"See an example by rsyslog for storage in Elasticsearch below."},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff82abbf_43588df8","line":79,"range":{"start_line":79,"start_character":0,"end_line":79,"end_character":9},"updated":"2017-11-29 15:15:57.000000000","message":"what is subject?","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":22306,"name":"Justin Kilpatrick","email":"jkilpatr@redhat.com","username":"jkilpatr"},"change_message_id":"9727c4718766da8a6b28137d1f8723fe17d2bb56","unresolved":false,"context_lines":[{"line_number":76,"context_line":""},{"line_number":77,"context_line":"Additional fields must be added in the format of"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"\u003csubject\u003e.\u003csubfield name\u003e"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"See an example by rsyslog for storage in Elasticsearch below."},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff82abbf_565a742a","line":79,"range":{"start_line":79,"start_character":0,"end_line":79,"end_character":9},"in_reply_to":"ff82abbf_43588df8","updated":"2017-11-30 12:29:49.000000000","message":"whatever you want, for example I have a \u0027browbeat\u0027 top level category that includes run and test details that I can use to figure out what logs come from what test etc.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"34ca7ec61c2da5c5790163bcb5f0e2f0da248d3e","unresolved":false,"context_lines":[{"line_number":114,"context_line":"systemd.u.CODE_LINE \t\t1417"},{"line_number":115,"context_line":"systemd.u.MESSAGE_ID \t\tde5b426a63be47a7b6ac3eaac82e2f6f"},{"line_number":116,"context_line":"systemd.u.UNIT \t\tlvm2-pvscan@8:2.service"},{"line_number":117,"context_line":"tags"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":1,"id":"df87a7cf_2bd63bc7","line":117,"updated":"2017-12-04 15:02:34.000000000","message":"Would be nice to summarize these above as an example message processing workflow, like that \"haproxy\" example perhaps.","commit_id":"bbcce7352970e9a3797cbd16e73b1ce92e536232"},{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"6e3fd3d975528c7dcfbabe2c82c42e311c53bfae","unresolved":false,"context_lines":[{"line_number":127,"context_line":"the rsyslog container which formats this data into storable json and handles"},{"line_number":128,"context_line":"things like transforming fields and adding additional metadta as desired."},{"line_number":129,"context_line":"Finally the data is inserted into elasticsearch or further held by an"},{"line_number":130,"context_line":"aggrebator for a few seconds before being bulk inserted into Elasticsearch."},{"line_number":131,"context_line":""},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":2,"id":"df87a7cf_c762053f","line":130,"updated":"2017-12-05 13:46:07.000000000","message":"well done thanks!","commit_id":"bb9c4977b61279f7e110e2599fe6d9d11e882254"}]}