gelf
editgelf
edit- Version: 3.1.2
- Released on: 2016-11-14
- Changelog
This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-output-gelf
.
This output generates messages in GELF format. This is most useful if you want to use Logstash to output events to Graylog2.
More information at The Graylog2 GELF specs page
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
gelf { host => ... }
Available configuration options:
Setting | Input type | Required | Default value |
---|---|---|---|
No |
|
||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
Yes |
|||
No |
|||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
<<,>> |
No |
|
Details
edit
chunksize
edit- Value type is number
-
Default value is
1420
The GELF chunksize. You usually don’t need to change this.
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
custom_fields
edit- Value type is hash
-
Default value is
{}
The GELF custom field mappings. GELF supports arbitrary attributes as custom
fields. This exposes that. Exclude the _
portion of the field name
e.g. custom_fields => ['foo_field', 'some_value']
sets _foo_field
= some_value
.
enable_metric
edit- Value type is boolean
-
Default value is
true
Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
full_message
edit- Value type is string
-
Default value is
"%{message}"
The GELF full message. Dynamic values like %{foo}
are permitted here.
host
edit- This is a required setting.
- Value type is string
- There is no default value for this setting.
Graylog2 server IP address or hostname.
id
edit- Value type is string
- There is no default value for this setting.
Add a unique ID
to the plugin instance, this ID
is used for tracking
information for a specific configuration of the plugin.
output { stdout { id => "ABC" } }
If you don’t explicitely set this variable Logstash will generate a unique name.
ignore_metadata
edit- Value type is array
-
Default value is
["@timestamp", "@version", "severity", "host", "source_host", "source_path", "short_message"]
Ignore these fields when ship_metadata
is set. Typically this lists the
fields used in dynamic values for GELF fields.
level
edit- Value type is array
-
Default value is
["%{severity}", "INFO"]
The GELF message level. Dynamic values like %{level}
are permitted here;
useful if you want to parse the log level from an event and use that
as the GELF level/severity.
Values here can be integers [0..7] inclusive or any of "debug", "info", "warn", "error", "fatal" (case insensitive). Single-character versions of these are also valid, "d", "i", "w", "e", "f", "u" The following additional severity\_labels from Logstash’s syslog\_pri filter are accepted: "emergency", "alert", "critical", "warning", "notice", and "informational".
sender
edit- Value type is string
-
Default value is
"%{host}"
Allow overriding of the GELF sender
field. This is useful if you
want to use something other than the event’s source host as the
"sender" of an event. A common case for this is using the application name
instead of the hostname.
ship_metadata
edit- Value type is boolean
-
Default value is
true
Should Logstash ship metadata within event object? This will cause Logstash to ship any fields in the event (such as those created by grok) in the GELF messages. These will be sent as underscored "additional fields".
ship_tags
edit- Value type is boolean
-
Default value is
true
Ship tags within events. This will cause Logstash to ship the tags of an
event as the field \_tags
.