Script Logs LogSource Configuration
Last updated on 18 September, 2024
Many resources and services use APIs to access logs. This can be cumbersome to customize and doesn’t support API filters. LogSource is a LogicModule that provides templates to help you enable LM Logs and configure log data collection and forwarding. LogSource contains details about which logs to get and where to get them, and which fields should be considered for parsing.
The Script Logs LogSource type helps you set up the import of API script logs into LogicMonitor. This LogSource type uses a script that calls an API and collects log data at a regular interval.
Configuration Options
The following describes configuration details specific to the Script Logs type of LogSource. For general information on how to add a LogSource, see Configuring a LogSource.
Basic Information
In the Collection Interval drop-down, select the time interval at which you want the script to be executed. Default is one hour.
Collection
In the Collection section, add an import script in Groovy format to collect log data from the resources you specified in the AppliesTo section.
Note: For the import to work, ensure that the AppliesTo criteria correctly match the desired resources. You also need “Manage” permissions to at least one of the mapped resources. For more information, see Roles.
Include Filters
You can add filters to include resources of certain types, for example an application. The output matching the filter criteria is forwarded to the log ingestion process.
Available parameters
Attributes | Comparison operator | Value example |
Message | Contain, NotContain, RegexMatch, RegexNotMatch. | Any string that is part of the message. |
Log Fields
You can configure Log Fields (tags) to send additional metadata with the logs.
Available parameters
Method | Key example | Value example | Description |
Static | “Customer” | “Customer_XYZ” | |
Dynamic(REGEX) | “Host” | “host=*” | The query will run on the message field. |
LM Property(Token) | “Device” | “##system.deviceId##” | The DeviceID extracted from the existing device property in LM. |
Resource Mappings
Configure the LM log property to match a monitored resource.
Available parameters
Method | Key example | Value example | Description |
Static | “Customer_Id” | “1921” | |
Dynamic(REGEX) | “system.ServiceName” | “service=*” | The query will run on the message field. |
LM Property(Token) | “token.resourceMap” | “syslog_test_collector” | The DeviceID extracted from the existing device property in LogicMonitor. |
Examples
The following provides guidelines for creating import scripts for retrieving log events. You add scripts to the Collection section of the LogSource configuration.
A log event is a JSON object. When creating a JSON object for the output, follow these guidelines:
- The JSON object contains all the mandatory and customized event attributes.
- It contains a JSON array and other attributes indicating the status of the script, for example “status” and “message”.
- The JSON array contains all the events that will be reported to LogicMonitor.
The following syntax describes the output JSON object:
output ::= "{" "events" ":" "[" event ["," event]+ "]" ["," scriptAttribute]+ "}"
event ::= "{" messageAttribute ["," customAttribute]+ "}"
messageAttribute ::= "message" ":" messageText
customAttribute ::= attributeName ":" attributeValue
messageText ::= <any string text>
attributeName ::= <any valid name string allowed in system>
attributeValue ::= <any string text>
Note: messageAttribute is mandatory. If a parameter in the output cannot be parsed, the corresponding log event is discarded as being invalid.
Script Output as a Single Event
{
    "events": [
        {
            "Message":"This is the message of the event",
            "customAttribute":"This is a custom attribute"
        }
    ]
}
Exit code
The import script should also include a successExitCode to indicate successful execution.
- It can be any integer value. Default value is “0” indicating successful execution.
- The output is processed only if the script completes with exit code 0. If the exit code is not specified, the output is discarded to avoid partial event processing.
Script Output as JSON (println line)
This sample script provides output as “json (println line)”, and contains the return code “0” to indicate successful execution. The script also includes the mandatory “message” attribute in the event array.
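import groovy.json.*

// Call the API ("sone-url" stands in for the endpoint) and read the response body
def get = new URL("sone-url").openConnection()
def getRC = get.getInputStream().getText()
def json = new JsonSlurper().parseText(getRC)
// Copy each record's "description" into the mandatory "message" attribute
json.each { it.putAt("message", it.getAt("description")) }
json.each { it.remove("description") }
// Wrap the records in the "events" array
JsonBuilder builder = new JsonBuilder(json)
builder {
    events builder(json)
}
println(builder.toPrettyString())
// Exit code 0 indicates successful execution
return 0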
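The following is an added example, not LogicMonitor's own code. It builds the whole output object in memory, drops records that have no usable message (such events would be discarded as invalid), converts custom attribute values to strings as the syntax above requires, and prints output only on the success path. The inline sample response and the field names `description`, `severity` and `host` are constructed, and returning 1 on failure is an assumption based on the exit code rule above.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Constructed sample of an API response body; it stands in for the HTTP call
// so the script runs offline. Two of the three records lack a usable message.
def sampleBody = '''[
  {"description": "User admin logged in", "severity": 3, "host": "web01"},
  {"description": "", "severity": 1},
  {"severity": 2, "host": "web02"}
]'''

// Convert one API record into an event that follows the output syntax:
// a mandatory "message" string plus string-valued custom attributes.
// Returns null when the record has no usable message text.
def toEvent = { Map record ->
    def text = record.description
    if (!(text instanceof CharSequence) || !text.toString().trim()) {
        return null
    }
    def event = [message: text.toString()]
    record.each { key, value ->
        // Never let a source field overwrite the mandatory attribute
        if (!(key in ['description', 'message']) && value != null) {
            event[key.toString()] = value.toString()
        }
    }
    return event
}

try {
    def records = new JsonSlurper().parseText(sampleBody)
    if (!(records instanceof List)) {
        return 1   // unexpected response shape: emit nothing (assumed failure code)
    }
    def events = records.findAll { it instanceof Map }
                        .collect(toEvent)
                        .findAll { it != null }
    // Print once, after every event has been built, so a failure part-way
    // through never leaves a partial "events" array on standard output
    println(JsonOutput.prettyPrint(JsonOutput.toJson([events: events])))
    return 0
} catch (Exception e) {
    // Parsing failed: no output, non-zero exit code (assumed failure code)
    return 1
}
```

With the constructed input, only the first record is reported; the records with an empty or missing `description` are dropped before output.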