Count licences

Hi all,
I'm new to ELK.
I use ELK to parse flexlm log files, and I want to know the number of licenses used simultaneously.

A flexlm example log file:

    22:26:18 (lmgrd) TIMESTAMP 5/22/2013
    23:19:37 (MLM) OUT: "MATLAB" ringo@blah1
    23:21:07 (MLM) OUT: "MAP_Toolbox" john@blah2
    23:45:24 (MLM) IN: "MATLAB" paul@blah3
    23:45:24 (MLM) IN: "MAP_Toolbox" george@blah4
    0:19:37 (MLM) OUT: "MATLAB" ringo@blah1
    0:21:07 (MLM) OUT: "MAP_Toolbox" john@blah2
    0:45:24 (MLM) IN: "MATLAB" paul@blah3
    0:45:24 (MLM) IN: "MAP_Toolbox" george@blah4
    4:26:18 (lmgrd) TIMESTAMP 5/23/2013...

OUT when a licence is used (license usage +1)
IN when a licence is freed (license usage -1)

I want to count the use of MATLAB, MAP_Toolbox (but I don't have an exhaustive list of license keywords), and filter answers by users (ringo@blah1 for example).

I tried to do it with logstash, but it does not seem possible.
Can you help me?

Thank you
JeLeb

What have you tried in Logstash? Can you share the pipeline you used?

The problem here is that the debug log from flexlm is pretty bad: it does not log the full date, it only prints the date every 6 hours.

But you can parse the message and use the timestamp from logstash instead of the timestamp of the file.

How are you parsing the files?

Is this license a network one, that runs on a flexlm server?

As input I have filebeat on the flexlm server, and my output is elasticsearch.
Here is my running pipeline:

    input {
      beats {
        port => 5044
      }
    }
    filter {

        #parse IN/OUT license lines
        if [message] =~ /OUT:/ or [message] =~ /IN:/ {

            grok {
                match => [ "message", "%{DATA:checkout_time} \(%{DATA:vendor}\) (?<in_out>(OUT|IN))\: \"%{DATA:feature_name}\" %{DATA:user_id}@%{USERNAME:client_machine}" ]
            }

            mutate {
                replace => ["message", "%{+YYYY-MM-dd HH:mm:ss Z} %{vendor} %{in_out} %{feature_name} %{user_id} %{client_machine}"]
            }
        } else {
            drop { }
        }
    }

    output {
        elasticsearch {
            hosts => "http://elasticsearch:9200"
            index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
        }
    }

It seems to work for me.

I tried to use metrics, but I found that it can only increase vars, not do calculations.
I want to have something like:

    "new_message", "%{+YYYY-MM-dd HH:mm:ss Z} %{feature_name} %{count_current_used_license_of_feature_name}"

Thank you

I have made some changes to my conf.
I added a field "license_count".
If message contains "IN", I put a "+1" in license_count.
If message contains "OUT", I put a "-1" in license_count.

It works well, but I can't make my kibana graph, because the kibana "SUM" function adds all license_count values in the period, and the result is often "0" (same number of IN and OUT during the period).

I want a graph with a point for each event, cumulated with the previous events.
For example:

  • If I have "IN IN IN OUT OUT OUT", I want points "1 2 3 2 1"
  • If I have "IN OUT IN OUT IN OUT", I want points "1 0 1 0 1 0"

Any ideas?
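
An added example, not posted by anyone in this thread: the cumulative per-feature count asked for above, computed in plain Ruby over a constructed sample in the format of the first post, using that post's convention (OUT +1, IN -1). The name `running_usage`, the clamp at zero and the midnight rollover rule are assumptions of this example.

```ruby
require "date"

# Constructed sample in the format of the log excerpt from the first post.
SAMPLE_LOG = <<~LOG
  22:26:18 (lmgrd) TIMESTAMP 5/22/2013
  23:19:37 (MLM) OUT: "MATLAB" ringo@blah1
  23:21:07 (MLM) OUT: "MAP_Toolbox" john@blah2
  23:45:24 (MLM) OUT: "MATLAB" paul@blah3
  0:19:37 (MLM) IN: "MATLAB" ringo@blah1
  0:45:24 (MLM) IN: "MATLAB" paul@blah3
  0:50:00 (MLM) IN: "MATLAB" paul@blah3
  4:26:18 (lmgrd) TIMESTAMP 5/23/2013
LOG

LINE  = /\A\s*(\d{1,2}):(\d{2}):(\d{2}) \((\S+)\) (.*)\z/
EVENT = /\A(OUT|IN): "([^"]+)" (\S+)@(\S+)/
STAMP = %r{\ATIMESTAMP (\d{1,2})/(\d{1,2})/(\d{4})}

# Returns one point per IN/OUT event: time, feature, user and the number of
# licenses of that feature checked out after the event (OUT +1, IN -1).
def running_usage(log, user: nil)
  date = nil                # only known once a TIMESTAMP line has been seen
  last_secs = nil
  in_use = Hash.new(0)
  points = []
  log.each_line do |raw|
    m = LINE.match(raw.chomp) or next
    h, mi, se = m[1..3].map(&:to_i)
    secs = h * 3600 + mi * 60 + se
    # The log prints time of day only: a clock that goes backwards means
    # midnight passed since the previous line.
    date += 1 if date && last_secs && secs < last_secs
    last_secs = secs
    if (s = STAMP.match(m[5]))
      date = Date.new(s[3].to_i, s[1].to_i, s[2].to_i)
      next
    end
    e = EVENT.match(m[5]) or next
    next if user && "#{e[3]}@#{e[4]}" != user
    delta = e[1] == "OUT" ? 1 : -1
    # Clamp at zero: an IN whose OUT predates the log must not go negative.
    in_use[e[2]] = [in_use[e[2]] + delta, 0].max
    time = format("%s %02d:%02d:%02d", date || "????-??-??", h, mi, se)
    points << { time: time, feature: e[2], user: "#{e[3]}@#{e[4]}", in_use: in_use[e[2]] }
  end
  points
end

running_usage(SAMPLE_LOG).each { |p| puts p.values.join("  ") } if __FILE__ == $0
```

Passing `user: "paul@blah3"` counts only that user's events, so the result is that user's own running total rather than the site-wide one.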
