Clarify mapping related to logging

Hello,

For logging from some of our applications we produce a log line that is ISO8601 date (microsecond + tz), log level, thread id/name, file, function, line number, message. This provides information about where in our code the log message originated. Any thoughts on where/how to map these items into ECS?

From this line it seems like the mapping would be as follows, optionally logging the original to log.original:

  • date/time to @timestamp
  • log level (think syslog facility) to log.level
  • thread id/name to ??
  • file to ??
  • function to ??
  • line number to ??
  • message to message

If process.tid and process.thread (or equivalent) are added, I can see those being used for thread id/name.

Thanks!

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
bmagistro commented, Oct 30, 2018

Thanks for the input. I think I have gotten our common logs (auditd, secure, messages, nginx, apache, and some of our apps) mapped in at a very basic level. Within the log section, we added path that would map to Filebeat “source”. For the app log described above, leveraging error.function and adding a “line” to file seemed to make the most sense. I would like to get a little more run time but would be happy to share the Logstash filter file for this if anyone is interested. I am very certain that we can be doing MUCH more parsing than we are in some logs.

0 reactions
webmat commented, Nov 20, 2018

Hey @bmagistro, I’ll close this for the time being, as it looks like everything has been answered.

Please open other issues if you have further questions, or if you’ve faced problems and would like to contribute ideas to ECS.

Thanks for getting in touch!
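
An added example, not code from the issue or from the ECS project: a Python parser for the log line described in the question that emits an ECS-shaped document and keeps unparsable lines instead of dropping them. The delimiters and the sample line are assumptions, and the `log.origin.*` and `process.thread.*` field names come from later ECS releases rather than from this thread.

```python
import re
from datetime import datetime

# Assumed layout; the thread gives the field order but not the delimiters:
# <ISO8601 ts> <LEVEL> [<tid>/<thread name>] <file>:<function>:<line> <message>
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<level>[A-Za-z]+) \[(?P<tid>\d+)/(?P<tname>[^\]]+)\] "
    r"(?P<file>[^:\s]+):(?P<func>[^:\s]+):(?P<line>\d+) (?P<msg>.*)"
)

def parse_failure(raw):
    # Keep unparsable lines searchable instead of silently dropping them.
    return {"message": raw, "log": {"original": raw},
            "tags": ["_app_log_parse_failure"]}

def to_ecs(raw):
    """Map one application log line to a nested ECS-style document."""
    raw = raw.rstrip("\r\n")
    m = LINE_RE.fullmatch(raw)  # '.' excludes newlines, so multi-line input fails
    if m is None:
        return parse_failure(raw)
    try:
        # Validates the timestamp; microseconds and UTC offset are preserved.
        ts = datetime.fromisoformat(m["ts"])
        if ts.tzinfo is None:
            raise ValueError("timestamp lacks a UTC offset")
    except ValueError:
        return parse_failure(raw)
    return {
        "@timestamp": ts.isoformat(),
        "message": m["msg"],
        "log": {
            "original": raw,
            "level": m["level"],
            # log.origin.* and process.thread.* are later ECS fields (assumption).
            "origin": {
                "file": {"name": m["file"], "line": int(m["line"])},
                "function": m["func"],
            },
        },
        "process": {"thread": {"id": int(m["tid"]), "name": m["tname"]}},
    }

# Constructed sample line, not taken from the issue.
SAMPLE = ("2018-10-30T14:03:07.123456-04:00 WARNING [4211/worker-3] "
          "invoice.py:render:212 template missing for input 'ERROR [1/x] a.py:f:1'")

if __name__ == "__main__":
    print(to_ecs(SAMPLE))
```

Because the header fields are matched by position from the start of the line, text inside the message that imitates a header stays in `message` and cannot overwrite `log.level` or the origin fields.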
