Send playbook output to Logstash/Elasticsearch
4,508 views
Skip to first unread message
David Reagan
Jul 6, 2015, 7:50:55 PM7/6/15
to ansible...@googlegroups.com
I'm starting to run playbooks automatically via a push server. Basically emulating what you can get with Puppet. As part of that, I'd like to send the output of my cronjob playbooks into my ELK stack. Which is hard to do when the default output is so unreadable.
Here's effectively what I want to get: http://pastebin.com/eVVcLfKn
Basically, a log entry per task per host.
From what I've seen googling around, the way to do this is via a callback plugin. So I looked at https://github.com/ansible/ansible/blob/devel/plugins/callbacks/log_plays.py and got lost. My Python skills are very low, and apparently my general dev skills are currently not up to the task.
I tried modifying log_plays to just dump the data variable raw, but I keep running into errors....
Any tips?
Has anyone already solved this problem?
Brian Coca
Jul 6, 2015, 8:26:03 PM7/6/15
to ansible...@googlegroups.com
log_plays was designed to drop the json to syslog-ng which would then
push it to elastic search w/o need for logstash, probably easier to
just setup syslog-ng to do the same.
--
Brian Coca
push it to elastic search w/o need for logstash, probably easier to
just setup syslog-ng to do the same.
--
Brian Coca
David Reagan
Jul 6, 2015, 8:37:56 PM7/6/15
to ansible...@googlegroups.com
The default log_plays doesn't actually output all the information I need.
I have lots of stuff going to syslog and then into ELK already, but in this case, I figured I'd just let logstash-forwarder watch the ansible log file. Then format the output so that logstash doesn't have to filter it at all.
Currently, I figured out how to get valid json out per line. But I'm stuck figuring out how to get the task name, the role name, and the command line command information.
Are there global vars I can reference from the plugin? Where could I find a list of them?
--David Reagan
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/zOjsYxLN578/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8n722sXnV547ZCjrTxBeaDQOqxzxQ1QEs0fYeq5AuQ6Sg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
David Reagan
Jul 7, 2015, 2:26:31 PM7/7/15
to ansible...@googlegroups.com
With some work I have almost exactly what I want. See: http://pastebin.com/G819PEZY
Questions: The status of that restart apache 2 task should be "CHANGED", since it actually did change during the play run. But it seems like the value for changed tasks is always "OK". Is there a way to change that?
Questions: The status of that restart apache 2 task should be "CHANGED", since it actually did change during the play run. But it seems like the value for changed tasks is always "OK". Is there a way to change that?
--David Reagan
Brian Coca
Jul 7, 2015, 4:20:06 PM7/7/15
to ansible...@googlegroups.com
status will be OK in both cases, you need to look at changed : true/false
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
--
Brian Coca
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CANo%2B_AfMFvypiqYdFWbOopLNNa3yx_Y-vxQBmY%2BHiY85fYCSYg%40mail.gmail.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
--
Brian Coca
David Reagan
Jul 7, 2015, 6:32:47 PM7/7/15
to ansible...@googlegroups.com
Ah, that makes sense. Thanks!
--David Reagan
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nvqO_3HKZmfBD_NhxW6nY7mfoZHPCuZTfz%2B2QiRM1QJQ%40mail.gmail.com.
dubravko sever
Dec 16, 2016, 5:59:51 PM12/16/16
to Ansible Project
Hi David
This post is quite old, but can you share your experience with me, because I'm trying to build something like you have done.
I'me trying to build environment that is able to track security policies applied at server level, and than I cold create pretty reports from Elastic/Kibana, and use it for generating inventory items.
Thanks in advance.
Thanks
Dubravko
Gabriel Rosca
Dec 17, 2016, 1:15:05 PM12/17/16
to Ansible Project
What about the callback module :)
https://github.com/ujenmr/ansible-logstash-callback/blob/master/README.md
Regards,
Gabriel
dubravko sever
Dec 17, 2016, 2:22:30 PM12/17/16
to Ansible Project
Hi,
Exactly I've been looking for, if it collects json results from ansible (will test it)
Thanks
Dubravko
dubravko sever
Jan 18, 2017, 6:20:20 AM1/18/17
to Ansible Project
Hi,
Using given callback I'm able to log events from ansible to logstash/elastic search. But can't search ansible_result field because it represent field as string, for instance:
"{"changed":"false", "msg":"some message"}".
In ELK I'm trying to get format like this one
"ansible_result":{
Any ideas how to resolve this issue?
Dubravko
Ievgen Khmelenko
Jan 26, 2017, 4:13:53 PM1/26/17
to Ansible Project
Hi,
I'm author of the module, I can fix it. I will return with result...
Ievgen
Ievgen Khmelenko
Jan 27, 2017, 3:06:10 PM1/27/17
to Ansible Project
Try to use the new version https://github.com/ujenmr/ansible-logstash-callback
Aaron Hicks
Jul 25, 2019, 11:51:05 PM7/25/19
to Ansible Project
Late to the game, but this is the best ranked answer so far: Is there a callback that logs _directly_ to ElasticSearch without logstash?
Reply all
Reply to author
Forward
0 new messages