Skip to main content

Kibana/logstash integration with reports or JIRA

We use Logstash for our centralized logging. All our app nodes track exceptions and write them to scribe, in night a python scribe consumer aggregates that information and sends an email with top exceptions with counts and first 200 characters of the exception.  Well the problem was that now I have to go through email and for each row I need to find the exception in logstash or in application logs. This is painful, I wanted to find some better way.


So I changed our exception tracking code to include a requestId into scribe logs and this requestId is logged with each exception to logstash. Now all I need to do is add a column in my table to include a logstash query link.  Problem is that it wasnt that straight forward. Ultimately after reading some forums I found that I need  to  prepare a search json and then base64 encode it and then create a url and voila I was done.  What used to take 1 hour to trace 10 exceptions would take me just 30 mins. 


    linkPrefix = "https://%s-logstash.xyz.com/#" % dc_name.lower()
    now_java_ts = int(time.time()) * 1000
    searchJson = """{"search":" @fields.requestid:\\"%s\\"","fields":[],"offset":0,"timeframe":"172800","graphmode":"count","time":{"user_interval":0},"stamp":%s,"mode":"","analyze_field":""}"""%(sampleRequestId, now_java_ts)
    searchJsonEncoded = base64.b64encode(searchJson)
    linkUrl = linkPrefix + searchJsonEncoded
    link = "
RequestId:%s" %(linkUrl, sampleRequestId)




The new report looks like



Other fancy things in the report are these Up and down arrows that tell me if the exceptions are going up or down and % will tell me how much they are up and down from yesterday or after a release.

the link on count will take me to graphite graph that tells me how an exception is trending and when it was introduced as shown below.



Comments

  1. UnknownJune 29, 2013 at 7:56 AM

    Ok - it took me a couple of reads to figure out what this is for, so correct me if I'm wrong...

    This is to add link into the emails you receive (or that JIRA receives) that allows you to navigate back into your logstash, at exactly the right point.

    The report you show is from JIRA.

    ReplyDelete
  2. Kalpesh PatelJune 29, 2013 at 10:37 AM

    Yes Martin, sorry if the blog post was cryptic, I am not a professional blogger and I wrote it in 5-10 min:).

    So yes we daily generate some reports from scribe logs and create JIRA tickets automatically. So I need the JIRA ticket and report to have a link to logstash so that the users can click on it to jump directly to logstash.

    ReplyDelete

Post a Comment

Popular posts from this blog

Killing a particular Tomcat thread

Update: This JSP does not work on a thread that is inside some native code.  On many occasions I had a thread stuck in JNI code and it wont work. Also in some cases thread.stop can cause jvm to hang. According to javadocs " This method is inherently unsafe. Stopping a thread with Thread.stop causes it to unlock all of the monitors that it has locked". I have used it only in some rare occasions where I wanted to avoid a system shutdown and in some cases we ended up doing system shutdown as jvm was hung so I had a 70-80% success with it.   -------------------------------------------------------------------------------------------------------------------------- We had an interesting requirement. A tomcat thread that was spawned from an ExecutorService ThreadPool had gone Rogue and was causing lots of disk churning issues. We cant bring down the production server as that would involve downtime. Killing this thread was harmless but how to kill it, t
6 comments
Read more

Adding Jitter to cache layer

Thundering herd is an issue common to webapp that rely on heavy caching where if lots of items expire at the same time due to a server restart or temporal event, then suddenly lots of calls will go to database at same time. This can even bring down the database in extreme cases. I wont go into much detail but the app need to do two things solve this issue. 1) Add consistent hashing to cache layer : This way when a memcache server is added/removed from the pool, entire cache is not invalidated.  We use memcahe from both python and Java layer and I still have to find a consistent caching solution that is portable across both languages. hash_ring and spymemcached both use different points for server so need to read/test more. 2) Add a jitter to cache or randomise the expiry time: We expire long term cache  records every 8 hours after that key was added and short term cache expiry is 2 hours. As our customers usually comes to work in morning and access the cloud file server it can happe
Post a Comment
Read more

Preparing for an interview after being employed 11 years at a startup

I would say I didn't prepared a hell lot but  I did 2 hours in night every day and every weekend around 8 hours for 2-3 months. I did 20-30 leetcode medium problems from this list https://leetcode.com/explore/interview/card/top-interview-questions-medium/.  I watched the first 12 videos of Lecture Videos | Introduction to Algorithms | Electrical Engineering and Computer Science | MIT OpenCourseWare I did this course https://www.educative.io/courses/grokking-the-system-design-interview I researched on topics from https://www.educative.io/courses/java-multithreading-for-senior-engineering-interviews and leetcode had around 10 multithreading questions so I did those I watched some 10-20 videos from this channel https://www.youtube.com/channel/UCn1XnDWhsLS5URXTi5wtFTA 
Post a Comment
Read more