Blogs

Simple Kibana dashboard for monitoring Alfresco Logs

Alfresco logs in Kibana

Some days ago I wrote a post about how to set up a basic Kibana dashboard in Alfresco Enterprise with JMX metrics, from a logstash JMX input. Today I'm gonna add some simple configuration for creating a dashboard for Alfresco logs. The architecture for ELK is the same of the previous post, with logstash running in your Alfresco instance and a dedicated Elastic Search and Kibana server. In this case the logstash.conf configuration would be something like this:

##
## Tomcat catalina.out logs
##
input {
  file {
    type => "alfresco-log"
    path => ["/opt/alfresco/tomcat/logs/catalina.out", "/opt/alfresco/tomcat/logs/catalina*out*"]
  }
}

##
## Filters for alfresco-log 
##
filter {
  if [type] == "alfresco-log" {
    # replace double blank space with single blank space
    mutate {
      gsub => [
        "message", "  ", " "
      ]
    }

    # Match incoming log entries to fields logLevel, class and Msg
    grok { 
      match => [ "message", "%{TIMESTAMP_ISO8601:logdate}\s*%{LOGLEVEL:logLevel} %{NOTSPACE:class}\s*%{GREEDYDATA:Msg}" ] 
    }

    # Match logdate from timestamp
    date {
       match => ["logdate" , "yyyy-MM-dd HH:mm:ss,SSS"]
       target => "@timestamp"
    }
  }
}

##
## Output to Elasticsearch 
##
output {
  #Uncomment for debugging purposes
  #stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["elasticserver:9200"]
  }

}

It is clear that this is a simple grok parser, for a standard log entry in catalina.out. It's just a starting point, and you can improve it so much, for parsing messages for example. Also, you may add other log files in Alfresco (such as localhost access logs, alfresco.log, share.log or solr.log).

Once Elastic Server has the corresponding indices (including full message, timestamp, loglevel and class), we can build a simple dashboard for catalina logs as the following:

For illustrating this, we generated more logging than usual, activating DEBUG in thrashcan cleaner and ldap syncs for example. We may observe the extra log entries in the graph for these classes. Also the big log peaks are relating to Alfresco startups. The dashboard allows to create building blocks with helper custom searches (as last ldap sync or last startup), tables (for counting and filtering log level and class) and visualizations (number of logs in a time interval). From here, we can analize logs easier visualizing and filtering by log level and class directly, in a given time interval. This is tested with ELK 5.6.3 in Alfresco Community 201707GA as noted in Alfresco logs.

Additional Alfresco ELK resources:

More Blog Entries

Presentation of Sinadura 5 at Tecnowebinars

Next Wednesday, 23rd March 2016, from 19:45 to 20:30 our CEO David Olmos Luis will...

See you in Alfresco Devcon 2018

Last week, it was published the Alfresco Devcon 2018 conference program, that will celebrate...

0 Comments