# services/logging/opensearch-observability-objects.yaml # Generated by scripts/logging_render_observability.py --build apiVersion: v1 kind: ConfigMap metadata: name: opensearch-observability-objects namespace: logging data: applications.json: | [ { "name": "bstein-dev-home", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'bstein-dev-home'", "servicesEntities": [], "traceGroups": [ "bstein-dev-home" ] }, { "name": "pegasus", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'pegasus'", "servicesEntities": [], "traceGroups": [ "pegasus" ] }, { "name": "jellyfin", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'jellyfin'", "servicesEntities": [], "traceGroups": [ "jellyfin" ] }, { "name": "vaultwarden", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'vaultwarden'", "servicesEntities": [], "traceGroups": [ "vaultwarden" ] }, { "name": "mailu", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'mailu-mailserver'", "servicesEntities": [], "traceGroups": [ "mailu" ] }, { "name": "nextcloud", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'nextcloud'", "servicesEntities": [], "traceGroups": [ "nextcloud" ] }, { "name": "gitea", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'gitea'", "servicesEntities": [], "traceGroups": [ "gitea" ] }, { "name": "jenkins", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'jenkins'", "servicesEntities": [], "traceGroups": [ "jenkins" ] }, { "name": "harbor", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'harbor'", "servicesEntities": [], "traceGroups": [ "harbor" ] }, { "name": "vault", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'vault'", "servicesEntities": [], "traceGroups": [ "vault" ] }, { "name": "keycloak", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'sso'", "servicesEntities": [], "traceGroups": [ "keycloak" ] }, { "name": "flux-system", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'flux-system'", "servicesEntities": [], "traceGroups": [ "flux-system" ] }, { "name": "comms", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms'", "servicesEntities": [], "traceGroups": [ "comms" ] }, { "name": "element-web", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'element-web'", "servicesEntities": [], "traceGroups": [ "element-web" ] }, { "name": "element-call", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'element-call'", "servicesEntities": [], "traceGroups": [ "element-call" ] }, { "name": "matrix-synapse", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'synapse'", "servicesEntities": [], "traceGroups": [ "matrix-synapse" ] }, { "name": "livekit", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'livekit'", "servicesEntities": [], "traceGroups": [ "livekit" ] }, { "name": "coturn", "description": "", "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'coturn'", "servicesEntities": [], "traceGroups": [ "coturn" ] }, { "name": "lesavka", "description": "", "baseQuery": "source = journald-* | where _HOSTNAME = 'titan-jh'", "servicesEntities": [], "traceGroups": [ "lesavka" ] } ] saved_queries.json: | [ { "name": "kube logs", "description": "", "query": "source = kube-*", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "kube errors", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "journald logs", "description": "", "query": "source = journald-*", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "journald errors", "description": "", "query": "source = journald-* | where match(MESSAGE, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "bstein-dev-home logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'bstein-dev-home'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "bstein-dev-home errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'bstein-dev-home' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "pegasus logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'pegasus'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "pegasus errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'pegasus' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "jellyfin logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'jellyfin'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "jellyfin errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'jellyfin' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "vaultwarden logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'vaultwarden'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "vaultwarden errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'vaultwarden' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "mailu logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'mailu-mailserver'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "mailu errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'mailu-mailserver' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "nextcloud logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'nextcloud'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "nextcloud errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'nextcloud' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "gitea logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'gitea'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "gitea errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'gitea' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "jenkins logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'jenkins'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "jenkins errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'jenkins' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "harbor logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'harbor'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "harbor errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'harbor' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "vault logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'vault'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "vault errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'vault' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "keycloak logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'sso'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "keycloak errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'sso' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "flux-system logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'flux-system'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "flux-system errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'flux-system' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "comms logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "comms errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "element-web logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'element-web'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "element-web errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'element-web' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "element-call logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'element-call'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "element-call errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'element-call' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "matrix-synapse logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'synapse'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "matrix-synapse errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'synapse' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "livekit logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'livekit'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "livekit errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'livekit' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "coturn logs", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'coturn'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "coturn errors", "description": "", "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'coturn' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "lesavka logs", "description": "", "query": "source = journald-* | where _HOSTNAME = 'titan-jh'", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "lesavka errors", "description": "", "query": "source = journald-* | where _HOSTNAME = 'titan-jh' | where match(MESSAGE, 'error|exception|fail')", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } } ] saved_visualizations.json: | [ { "name": "[Kube] Logs per hour", "description": "", "query": "source = kube-* | stats count() as log_count by span(`@timestamp`, 1h)", "type": "line", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Errors per hour", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by span(`@timestamp`, 1h)", "type": "line", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top namespaces", "description": "", "query": "source = kube-* | stats count() as log_count by kubernetes.namespace_name | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top error namespaces", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by kubernetes.namespace_name | sort - error_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top pods", "description": "", "query": "source = kube-* | stats count() as log_count by kubernetes.pod_name | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top error pods", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by kubernetes.pod_name | sort - error_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top nodes", "description": "", "query": "source = kube-* | stats count() as log_count by kubernetes.node_name | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Journald] Top units", "description": "", "query": "source = journald-* | stats count() as log_count by _SYSTEMD_UNIT | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Journald] Top error units", "description": "", "query": "source = journald-* | where match(MESSAGE, 'error|exception|fail') | stats count() as error_count by _SYSTEMD_UNIT | sort - error_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } } ]