From b71fd77e745f5040350cc39d490e7d84b654beff Mon Sep 17 00:00:00 2001 From: Eirik Meland Date: Mon, 28 Oct 2019 10:04:59 +0100 Subject: [PATCH 1/3] fix broken test --- spec/outputs/coralogix_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/outputs/coralogix_spec.rb b/spec/outputs/coralogix_spec.rb index 8c7900b..126c6d7 100644 --- a/spec/outputs/coralogix_spec.rb +++ b/spec/outputs/coralogix_spec.rb @@ -1,6 +1,6 @@ # encoding: utf-8 require "logstash/devutils/rspec/spec_helper" -require "logstash/outputs/coralogix_logger" +require "logstash/outputs/coralogix" require "logstash/codecs/plain" require "logstash/event" From fe7f3a1b936c212070e5953cfc7d6b52ea715fd0 Mon Sep 17 00:00:00 2001 From: Eirik Meland Date: Mon, 28 Oct 2019 10:05:29 +0100 Subject: [PATCH 2/3] add severity and category --- lib/logstash/outputs/coralogix.rb | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/lib/logstash/outputs/coralogix.rb b/lib/logstash/outputs/coralogix.rb index 44e151b..b9a10e1 100644 --- a/lib/logstash/outputs/coralogix.rb +++ b/lib/logstash/outputs/coralogix.rb @@ -14,6 +14,8 @@ class LogStash::Outputs::Coralogix < LogStash::Outputs::Base config :config_params, :validate => :hash, :required => true config :timestamp_key_name, :validate => :string, :required => false config :log_key_name, :validate => :string, :required => false + config :severity_key_name, :validate => :string, :required => false + config :category_key_name, :validate => :string, :required => false config :is_json, :validate => :boolean, :required => false config :force_compression, :validate => :boolean, :required => false, :default => false config :debug, :validate => :boolean, :required => false, :default => false @@ -35,14 +37,17 @@ class LogStash::Outputs::Coralogix < LogStash::Outputs::Base log_record = log_record.to_s.empty? ? record : log_record timestamp = record.fetch(timestamp_key_name, nil) + severity = record.fetch(severity_key_name, nil) + category = record.fetch(category_key_name, nil) + if (timestamp.nil?) - logger.debug log_record + log logger, severity, category, log_record else begin float_timestamp = DateTime.parse(timestamp.to_s).to_time.to_f * 1000 - logger.debug log_record, nil, timestamp: float_timestamp + log logger, severity, category, log_record, timestamp: float_timestamp rescue Exception => e - logger.debug log_record + log logger, severity, category, log_record end end end @@ -50,6 +55,23 @@ class LogStash::Outputs::Coralogix < LogStash::Outputs::Base return 1 end + def log(logger, severity, category, log_record, timestamp = {}) + case severity + when "critical" + logger.critical log_record, category, timestamp + when "error" + logger.error log_record, category, timestamp + when "warning" + logger.warning log_record, category, timestamp + when "info" + logger.info log_record, category, timestamp + when "verbose" + logger.verbose log_record, category, timestamp + else + logger.debug log_record, category, timestamp + end + end + def version? begin Gem.loaded_specs['logstash-output-coralogix'].version.to_s From 5f045e54720880289eae77dc31e2130c34187596 Mon Sep 17 00:00:00 2001 From: Eirik Meland Date: Mon, 28 Oct 2019 10:40:32 +0100 Subject: [PATCH 3/3] documentation --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bda9846..9241ede 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,8 @@ output { } log_key_name => "message" timestamp_key_name => "@timestamp" + severity_key_name => "severity" + category_key_name => "category" is_json => true } } @@ -92,6 +94,15 @@ Coralogix automatically generates the timestamp based on the log arrival time. I **Note:** We accepts only logs which are not older than `24 hours`. +### Category + +This plugin puts everything in the category `CORALOGIX`. If you want to take control over which category is to be used, use the `category_key_name` to specify your category field. + +### Severity + +By default everything is sent as severity `DEBUG`. You can use a value in the incoming log entry to dictate which severity is to be used, use the `severity_key_name`. The valid log levels are: + `debug`, `verbose`, `info`, `warning`, `error`, `critical`. Values other than this ends up as debug + ### JSON support In case your raw log message is a JSON object you should set `is_json` key to a **true** value, otherwise you can ignore it. @@ -113,4 +124,4 @@ output { } } } -``` \ No newline at end of file +```