Categorygithub.com/polyverse-security/logrus-logstash-hook
modulepackage
1.0.0
Repository: https://github.com/polyverse-security/logrus-logstash-hook.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
6
Dependents
0
Files
173 SLOC

# README

Logstash hook for logrus :walrus: Build Status

Use this hook to send the logs to Logstash over both UDP and TCP.

Usage

package main

import (
        "github.com/sirupsen/logrus"
        "github.com/bshuster-repo/logrus-logstash-hook"
)

func main() {
        log := logrus.New()
        hook, err := logrus_logstash.NewHook("tcp", "172.17.0.2:9999", "myappName")

        if err != nil {
                log.Fatal(err)
        }
        log.Hooks.Add(hook)
        ctx := log.WithFields(logrus.Fields{
          "method": "main",
        })
        ...
        ctx.Info("Hello World!")
}

This is how it will look like:

{
    "@timestamp" => "2016-02-29T16:57:23.000Z",
      "@version" => "1",
         "level" => "info",
       "message" => "Hello World!",
        "method" => "main",
          "host" => "172.17.0.1",
          "port" => 45199,
          "type" => "myappName"
}

Hook Fields

Fields can be added to the hook, which will always be in the log context. This can be done when creating the hook:


hook, err := logrus_logstash.NewHookWithFields("tcp", "172.17.0.2:9999", "myappName", logrus.Fields{
        "hostname":    os.Hostname(),
        "serviceName": "myServiceName",
})

Or afterwards:


hook.WithFields(logrus.Fields{
        "hostname":    os.Hostname(),
        "serviceName": "myServiceName",
})

This allows you to set up the hook so logging is available immediately, and add important fields as they become available.

Single fields can be added/updated using 'WithField':


hook.WithField("status", "running")

Field prefix

The hook allows you to send logging to logstash and also retain the default std output in text format. However to keep this console output readable some fields might need to be omitted from the default non-hooked log output. Each hook can be configured with a prefix used to identify fields which are only to be logged to the logstash connection. For example if you don't want to see the hostname and serviceName on each log line in the console output you can add a prefix:



hook, err := logrus_logstash.NewHookWithFields("tcp", "172.17.0.2:9999", "myappName", logrus.Fields{
        "_hostname":    os.Hostname(),
        "_serviceName": "myServiceName",
})
...
hook.WithPrefix("_")

There are also constructors available which allow you to specify the prefix from the start. The std-out will not have the '_hostname' and '_servicename' fields, and the logstash output will, but the prefix will be dropped from the name.

# Functions

NewFilterHook makes a new hook which does not forward to logstash, but simply enforces the prefix rules.
NewFilterHookWithPrefix make a new hook which does not forward to logstash, but simply enforces the specified prefix.
NewHook creates a new hook to a Logstash instance, which listens on `protocol`://`address`.
NewHookWithConn creates a new hook to a Logstash instance, using the supplied connection.
NewHookWithFields creates a new hook to a Logstash instance, which listens on `protocol`://`address`.
NewHookWithFieldsAndConn creates a new hook to a Logstash instance using the supplied connection.
NewHookWithFieldsAndConnAndPrefix creates a new hook to a Logstash instance using the suppolied connection and prefix.
NewHookWithFieldsAndPrefix creates a new hook to a Logstash instance, which listens on `protocol`://`address`.

# Structs

Hook represents a connection to a Logstash instance.
Formatter generates json in logstash format.