Develop tooling for quickly parsing 5xx and sampled-1000 logs
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	Legoktm
	Oct 7 2021, 1:16 AM

Description

During an outage, there's often a need to quickly sift through 5xx.json and sampled-1000.json logs as they come in live, filtering based on response size, request volume, IP range.

I previously developed https://gitlab.com/legoktm/webreq-filter which does some of this, the idea being you'd tail -f the log file, add some grep filters if you know the DC or cache cluster affected and then pipe it into webreq-filter. I've currently been running a locally built binary of it out of my home directory, but intend to package and puppetize it after adding some more features (if there are no objections/concerns).

In theory we could also do this with logstash but admittedly I'm not as fast with it (yet!) and the various filtering options compared to a CLI tool.

Related Objects
Search...

Status	Assigned	Task
Resolved	fgiunchedi	T213157 Increase utilization of application logging pipeline (FY2018-2019 Q3 TEC6)
Resolved	fgiunchedi	T220103 TEC6: Logging infrastructure (Q4 2018/19 goal)
Open	colewhite	T213902 Implement sensitive logstash access control
Declined	None	T292682 Develop tooling for quickly parsing 5xx and sampled-1000 logs
Open	None	T288619 Improve the process to consume and use API.LOG to filter out bad performing queries either by extra tooling within o11y or analytics

Event Timeline

Legoktm created this task.Oct 7 2021, 1:16 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 7 2021, 1:16 AM

herron triaged this task as Medium priority.Oct 7 2021, 5:29 PM

herron edited projects, added SRE Observability; removed observability.

colewhite added a subtask: T288619: Improve the process to consume and use API.LOG to filter out bad performing queries either by extra tooling within o11y or analytics.Oct 13 2021, 2:09 PM

colewhite subscribed.

colewhite moved this task from Inbox to Backlog on the SRE Observability board.Oct 20 2021, 5:17 PM

• lmata edited projects, added Observability-Logging; removed SRE Observability.Nov 24 2021, 5:00 PM

colewhite added a parent task: T213902: Implement sensitive logstash access control.Jul 26 2022, 10:26 PM

colewhite moved this task from Inbox to Blocked on the Observability-Logging board.Sep 21 2022, 10:56 AM

Nowadays we have sampled webrequest available in superset and related dashboards, 5xx feed is in logstash though we could also add that to superset. I'm declining this, though feel free to reopen as needed

Develop tooling for quickly parsing 5xx and sampled-1000 logsClosed, DeclinedPublicActions

Description

Related ObjectsSearch...

Event Timeline

Develop tooling for quickly parsing 5xx and sampled-1000 logs
Closed, DeclinedPublic
Actions

Related Objects
Search...