search

GoogleCloudPlatform / ops-agent

Apache License 2.0
141 stars 68 forks source link

systemd_journald: Transform keys from journald JSON to Cloud Logging JSON #256

Open akkornel opened 2 years ago

akkornel commented 2 years ago

Hello!

I am looking at using the Ops Agent for my GCP project, and I'm especially interested in using the systemd_journald receiver. I am interested in this because journald is already collecting logs for me, and it would be great to take advantage of journald's structured-log format.

Even though the receiver is doing the work of pulling in logs from journald, the log entries coming from journald aren't in a form that Cloud Logging can process. So, my request is that the Ops Agent's systemd_journald receiver be enhanced to transform the JSON entries from systemd's schema to Cloud Logging's schema.

One key from the JSON needs a simple key change:

One key needs both a key change and a value change:

There are three keys which could be present and, if so, need to trigger the creation of the logging.googleapis.com/sourceLocation object:

Finally, the timestamp object has to be created by applying some math to the __REALTIME_TIMESTAMP key:

For the timestampSeconds key: Take the value from ⌊__REALTIME_TIMESTAMP ÷ 1000000⌋. For the timestampNanos key: Take the value from __REALTIME_TIMESTAMP mod 1000000 × 1000.

quentinmit commented 2 years ago

Severity mapping and code mapping are both good feature requests.

Are you actually having problems with the message and timestamp? Those should work fine without any additional translation.

quentinmit commented 2 years ago

I'm going to reopen this since it looks like we haven't fixed MESSAGE yet.

alemnew commented 7 months ago

Is there any ETA for this to be fixed and released?