Stackable lnav Utils

A collection of lnav log format definitions and analysis scripts for all things Stackable related. These scripts help analyze logs from various Stackable components.

Quick Start

For first-time lnav users:

# Install the scripts repository
$ lnav -i https://github.com/stackabletech/lnav_scripts.git

# Load your log file (example with HBase logs)
$ lnav hbase.ndjson

# Example: In lnav, filter by Kubernetes pod name
:filter-expr :kubernetes_pod_name = 'etu1-hbase-regionserver-default-0'

Available Scripts and Formats

Log Format Definitions (.json files)

• vector-json.json - Parses JSON logs from the Vector aggregator
• graylog-json.json - Parses JSON logs exported from Graylog (TODO: Is this customer specific?)
• graylog-json-extended.json - Extended Graylog format with additional fields (TODO: Is this customer specific?)

Analysis Scripts (.lnav files)

• Apache NiFi
  • nifi: A collection of useful search tables (the script is called nifi-tools)
  • nifi-updateid
• Apache ZooKeeper
• Graylog hide-containerdebug.lnav* - Filters out containerdebug container logs

SQL Filters

• vector-json-filters.sql - Auto-applies (is this correct? I assumed based on the TRIGGER) filters when vector_json format is detected

Usage Examples

NiFi

# Load NiFi logs and run analysis
$ lnav nifi-app.log

# In lnav run the `nifi-tools` script:
|nifi

# In lnav, view GC performance:
select log_time,generation,duration from gctime order by duration desc

# Check request processing times by type:
select type, avg(duration), max(duration) from requests group by type

Installation

Method 1: Automatic Installation

lnav -i https://github.com/stackabletech/lnav_scripts.git

This will install the scripts into your $XDG_CONFIG_HOME/lnav/formats directory:

❯ lnav -i [email protected]:stackabletech/lnav_scripts.git
Cloning into '/home/lars/.config/lnav/staging/git_github_com_stackabletech_lnav_scripts_git'...
remote: Enumerating objects: 136, done.
remote: Counting objects: 100% (136/136), done.
remote: Compressing objects: 100% (96/96), done.
remote: Total 136 (delta 88), reused 84 (delta 36), pack-reused 0 (from 0)
Receiving objects: 100% (136/136), 23.94 KiB | 2.99 MiB/s, done.
Resolving deltas: 100% (88/88), done.
✔ installed lnav repo at: /home/lars/.config/lnav/formats/git_github_com_stackabletech_lnav_scripts_git
 = note: found 3 format file(s)
         found 2 SQL file(s)
         found 6 lnav-script file(s)

Rerunning the same command will update an already installed repo:

lnav -i [email protected]:stackabletech/lnav_scripts.git
Updating format repo: [email protected]:stackabletech/lnav_scripts.git
Already up to date.

Method 2: Local Installation

TODO: Document how this works.