John Frizelle edited a comment on AEROGEAR-7978

Re: Spike: ElasticSearch mapping for sync audit logs w/o defining every single field The suggestion in StackOverflow worked. Instructions: 1. Enable logging on cluster, as documented here: https://issues.jboss.org/browse/AEROGEAR-7937 (until excluding Disabling OpenShift Centralized logging section) 2. Get a token for ElasticSearch: {code} oc login # admin token=$(oc whoami -t) {code} 3. Create a new project in OpenShift to provision sync. But, don't provision sync just yet. I will use project name "alitestproj02" in the rest of the instructions. 4. Create ElasticSearch index template: {code} curl -k -H "Authorization: Bearer $token" -H "X-Proxy-Remote-User: $(oc whoami)" -H "X-Forwarded-For: 127.0.0.1" -XPUT https://elastic.apb-testing.skunkhenry.com/_template/aerogear_data_sync_log_template -d ' {   "template" : "project.alitestproj02.*",   "order" : 100,   "mappings": {     "_default_": {       "dynamic_templates": [         {           "message_field": {             "mapping": {               "type": "object"             },             "match": "message"           }         },         {           "message_properties": {             "path_match":   "message.*",             "mapping": {               "type": "string",               "index": "not_analyzed"             }           }         }       ]     }   } } ' {code} 5. Provision sync in that project you created 6. Need some schema in sync. Go into the sync server pod and execute {code} npm run init:db:memeo:inmem {code} 7. Go into sync UI and create a new mutation "createMemeFail". Copy the mappings from "createMeme", but have an on-purpose error in the request mapping like {code} {       "operation": "insertxxxxxxxxxxx",       "doc": {         "_type":"meme",         "photourl": "{{context.arguments.photourl}}",         "owner": "{{context.arguments.owner}}",         "likes": 0       }     } {code} 8. Delete that pod so that a new one is created and the schema is loaded for sure 9. Clone https://github.com/aliok/aerogear-sync-metrics-generator and change the uri and the authorization 10. Run it so that there is some data 11. Go to Kibana and create an index pattern for "project.alitestproj02.*". Select "@timestamp" as the time index 12. Go to "Discover" view and check one of the documents for the index pattern you just created. Documents that are AUDIT logs should have explicit fields extracted from the "message" field. Such as "operationType", "path", ... Add Comment

This message was sent by Atlassian Jira (v7.12.1#712002-sha1:609a505)