...
- Update mappings to support using the message.keyword field.
To do so, on the Elasticsearch (ES) node run the curl command included in the attached file:
jenkins_elasticsearch_mappings.txt
- Add the following parameter to the elasticsearch.yml config file:
script.painless.regex.enabled: true
Painless regexes are disabled by default because they bypass Painless's protection against long-running and memory-hungry scripts, so enable this only on a cluster where everyone who can submit scripts is trusted.
Restart ES.
- In Kibana create the index pattern "logstash-jenkins". Set the timestamp field to "@buildTimestamp".
- For that index pattern navigate to the scripted fields tab. Create a scripted field named "healthcheck". Language is painless. Type is string. Script is as follows:
    // Only messages containing "Health Check" get a value.
    if (doc['message.keyword'].value != null) {
        if (doc['message.keyword'].value =~ /Health Check/) {
            // =~ is a find, so "PASS" anywhere in the message counts as a pass.
            if (doc['message.keyword'].value =~ /PASS/) {
                return "PASS";
            }
            else {
                return "FAIL";
            }
        }
    }
    return null;
- Create another scripted field named "component". Language is painless. Type is string. Script is as follows:
    if (doc['message.keyword'].value != null) {
        if (doc['message.keyword'].value =~ /Health Check/) {
            // Group 1 is the text before the optional "API" and "Health Check".
            def m = /^(.+?)(API)?\sHealth Check.*$/.matcher(doc['message.keyword'].value);
            if (m.matches()) {
                return m.group(1);
            }
            else {
                return "unknown";
            }
        }
    }
    return null;
- Import the following visualizations to Kibana:
jenkins cd visualizations.json
- Import the following dashboard to Kibana:
jenkins cd dashboard.json
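
To check offline what the "healthcheck" and "component" scripted fields return, the following is an added Python mirror of their regex logic (not part of the original notes; the function names and sample messages are constructed for illustration). It surfaces two edge cases: the unanchored /PASS/ find also matches words such as "PASSWORD", and the component captured from an "... API Health Check" line keeps a trailing space.

```python
import re

# Python equivalents of the Painless patterns: re.search mirrors the find
# operator (=~) and fullmatch mirrors Matcher.matches().
HEALTH = re.compile(r"Health Check")
PASS = re.compile(r"PASS")
COMPONENT = re.compile(r"^(.+?)(API)?\sHealth Check.*$")


def healthcheck(message):
    """Mirror of the "healthcheck" scripted field."""
    if message is not None and HEALTH.search(message):
        return "PASS" if PASS.search(message) else "FAIL"
    return None


def component(message):
    """Mirror of the "component" scripted field."""
    if message is not None and HEALTH.search(message):
        m = COMPONENT.fullmatch(message)
        return m.group(1) if m else "unknown"
    return None


# Constructed sample messages (not taken from a real Jenkins job).
SAMPLES = [
    "Billing API Health Check: PASS",                 # component keeps a trailing space
    "Database Health Check: FAIL",
    "Health Check: PASS",                             # nothing before "Health Check"
    "Gateway Health Check: FAIL (PASSWORD expired)",  # "PASS" found inside "PASSWORD"
    "Started by user admin",                          # not a health-check line
]


def classify(messages):
    """Return (healthcheck, component) for each message."""
    return [(healthcheck(m), component(m)) for m in messages]


if __name__ == "__main__":
    for msg, (status, comp) in zip(SAMPLES, classify(SAMPLES)):
        print(f"{msg!r:50} healthcheck={status!r:7} component={comp!r}")
```

A failing check that is reported as PASS hides a broken deployment on the dashboard, so compare these results with the exact message format your Jenkins jobs emit before relying on the fields.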
Troubleshooting:
If you get the following error in Kibana:
"[script] Too many dynamic script compilations within one minute, max: [15/min]; please use on-disk, indexed, or scripts with parameters instead; this limit can be changed by the [script.max_compilations_per_minute] setting","bytes_wanted":0,"bytes_limit":0}}}}]},"status":400}
Execute the following request on the Elasticsearch VM to raise the limit (a transient setting does not survive a full cluster restart):
ubuntu@ip-172-31-95-213:~$ curl -XPUT localhost:9200/_cluster/settings -d '
{
"transient" : {
"script.max_compilations_per_minute" : 50
}
}
'