search

SumoLogic / logstash-output-sumologic

Forward logstash data to Sumo Logic
Apache License 2.0
18 stars 15 forks source link

Variables in output is not working #35

Closed zamirajaupaj closed 5 years ago

zamirajaupaj commented 5 years ago

hello, i'm trying to use this plugin, but i have an issue: is not working value in output. Sumo logic create the resources with name: prod/%{logGroupName} but not with name prod/aws/lambda/zamira in local i have this output:

{
   "@timestamp" => 2019-03-18T14:43:33.030Z,
  "message" => "myjson",
  "logGroupName" => "/aws/lambda/zamira",
   "id" => "/aws/lambda/zamira",
 }

my configuration file is:

filter {
  if [type] == "kinesis" {
    json {
      source => "message"
      add_field => { "id" => "%{logGroupName}" }
    }

    mutate {
      replace => { "message" => "My new message" }}
    }
  }
}

output {
  if [accountId] == "" {
    sumologic {
      format => "%{@json}"
      source_category => "prod/%{logGroupName}"
      url => "https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/xxxxxxxxxxxxx"
    }
  }
}
kikyomits commented 5 years ago

I have the same issue. I've tried to create dynamic source_category using metadata or value in some fields but those aren't successul. Example code is described below, which is pretty same with zamirajaupaj's code.

filter {
    mutate{
        add_field => {
            "[@metadata][env]" => "prod"
        }
    }
}

output {
    sumologic {
      format => "%{@json}"
      source_category => "%{[@metadata][env]}"
      url => "https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/xxxxxxxxxxxxx"
    }
}
bin3377 commented 5 years ago

Current the %{} is not supported in header tags like source_name, source_category, etc.

bin3377 commented 5 years ago

https://github.com/SumoLogic/logstash-output-sumologic/issues/33