riemann
editriemann
editThis is a community-maintained plugin! It does not ship with Logstash by default, but it is easy to install by running bin/plugin install logstash-output-riemann.
Riemann is a network event stream processing system.
While Riemann is very similar conceptually to Logstash, it has much more in terms of being a monitoring system replacement.
Riemann is used in Logstash much like statsd or other metric-related outputs
You can learn about Riemann here:
- http://riemann.io/ You can see the author talk about it here:
- http://vimeo.com/38377415
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
riemann {
}
Available configuration options:
Details
edit
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
exclude_tags (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is array
-
Default value is
[]
Only handle events without any of these tags. Optional.
map_fields
edit- Value type is boolean
-
Default value is
false
If set to true automatically map all logstash defined fields to riemann event fields. All nested logstash fields will be mapped to riemann fields containing all parent keys separated by dots and the deepest value.
As an example, the logstash event:
{
"@timestamp":"2013-12-10T14:36:26.151+0000",
"@version": 1,
"message":"log message",
"host": "host.domain.com",
"nested_field": {
"key": "value"
}
}
Is mapped to this riemann event:
{
:time 1386686186,
:host host.domain.com,
:message log message,
:nested_field.key value
}
It can be used in conjunction with or independent of the riemann_event option. When used with the riemann_event any duplicate keys receive their value from riemann_event instead of the logstash event itself.
protocol
edit-
Value can be any of:
tcp,udp -
Default value is
"tcp"
The protocol to use UDP is non-blocking TCP is blocking
Logstash’s default output behaviour is to never lose events As such, we use tcp as default here
riemann_event
edit- Value type is hash
- There is no default value for this setting.
A Hash to set Riemann event fields (http://riemann.io/concepts.html).
The following event fields are supported:
description, state, metric, ttl, service
Tags found on the Logstash event will automatically be added to the Riemann event.
Any other field set here will be passed to Riemann as an event attribute.
Example:
riemann {
riemann_event => {
"metric" => "%{metric}"
"service" => "%{service}"
}
}
metric and ttl values will be coerced to a floating point value.
Values which cannot be coerced will zero (0.0).
description, by default, will be set to the event message
but can be overridden here.
sender
edit- Value type is string
-
Default value is
"%{host}"
The name of the sender.
This sets the host value
in the Riemann event
tags (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is array
-
Default value is
[]
Only handle events with all of these tags. Optional.
type (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is string
-
Default value is
""
The type to act on. If a type is given, then this output will only
act on messages with the same type. See any input plugin’s type
attribute for more.
Optional.