mrtndimitrov / graylog-delimited-file-output-plugin

This project forked from rswestmoreland/graylog-delimited-file-output-plugin

An output plugin for Graylog2, providing the ability to export messages to disk as CSV, TSV, space or pipe delimited files

License: GNU General Public License v3.0

Java 99.64% HTML 0.36%

graylog-delimited-file-output-plugin's Introduction

This branch allows the plugin to write to several independent files.

Graylog Delimited File Output

This plugin allows you to save messages from a Graylog 2.X server in various formats. Messages are in delimited formats, including comma (csv), tab (tsv), pipe and space. The files can be rotated based on line count or timed intervals.

This plugin supports Graylog 2.X+.

How to build

This project is using Maven and requires Java 8 or higher.

You can build a plugin (JAR) with mvn package.

How to use

  • Download graylog-delimited-file-output-plugin-.jar from releases and put it inside the plugins folder
  • Restart Graylog server
  • Create a new output globally or attached to a stream.

Configuration

  • File Format: Select CSV, TSV, Pipe or Space
  • File Path: Full path on your server(s) that the graylog user has permission to write to
  • Fields: The fields you want to export
  • End of Line: Newline (\n) or CRLF (\r\n), the latter being more readable in Windows
  • Compression Options: None, GZIP, GZIP Fastest (1), GZIP Max Compression (9)
  • Rotation Strategy: Interval, Count
  • Rotate Counter: Seconds if Interval, Lines if Count
  • Buffer Size: Output buffer in bytes before flushing to disk
  • Flush Interval: Seconds before flushing the buffer regardless of how full it is
  • Append Extension: Optional string added when file is finished and rotated
  • Debug: Temporarily enable this to write extra information about saved messages, flushing, and rotation. If the Count rotation strategy is used, these entries will also be counted.

Screenshot of add new output dialog

File Formats

CSV

Comma Separated Values, good for loading up into Excel. Example:

"2017-06-01T07:43:07.481Z","host1099-99.testnetwork.local","filebeat","log","Jun  1 07:43:06 host1099-99.testnetwork.local sshd[26668]: Failed password for root from 123.183.209.136 port 37835 ssh2"

TSV

Tab Separated Values, good for loading up into SQL databases. Empty values are replaced with \N. Example:

2017-06-01T07:43:07.481Z	host1099-99.testnetwork.local	filebeat	log	Jun  1 07:43:06 host1099-99.testnetwork.local sshd[26668]: Failed password for root from 123.183.209.136 port 37835 ssh2

Pipe

Fields are separated by the pipe "|" character. Any pipe characters within the field value will be escaped. Example:

2017-06-01T07:43:07.481Z|host1099-99.testnetwork.local|filebeat|log|Jun  1 07:43:06 host1099-99.testnetwork.local sshd[26668]: Failed password for root from 123.183.209.136 port 37835 ssh2

Space

Fields are separated by a single space. This is useful if you know the selected fields do not also contain spaces, or if only the last field may contain spaces, such as when recreating a raw syslog message. Exporting a single field is also useful for generating lists. Example:

2017-06-01T07:43:07.481Z host1099-99.testnetwork.local filebeat log Jun  1 07:43:06 host1099-99.testnetwork.local sshd[26668]: Failed password for root from 123.183.209.136 port 37835 ssh2

File Path Substitution

Use variables to dynamically generate the file path and name. Currently supported are: $HOST, $NODE, $EPOCH, $PID, $THREAD, $ROTATE, $PADDED.

  • $HOST: Local server's hostname
  • $NODE: Local Graylog node's UUID
  • $EPOCH: Seconds since the start of the Unix epoch
  • $PID: Process ID of the currently running Graylog service
  • $THREAD: Thread ID of current worker that started the file handle
  • $ROTATE: Incrementing number, starts at 0 with a maximum of 999999
  • $PADDED: Same as $ROTATE, but padded with 6 zeros to maintain a natural sort of filenames

Note: When the plugin configuration is changed or the Graylog service is restarted, the plugin will attempt to start the $ROTATE and $PADDED sequence after the last saved sequence. However, if filenames with earlier sequences have since been removed, it will start there first. For example, if export3, export4, and export5 exist, then it will create export0, export1, export2, then skip to export6.
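
The gap-filling behaviour in the note above, modelled as an added example (this is not the plugin's own code). The helper names `expand`, `next_name` and `simulate` are hypothetical, only `$ROTATE` is generated, and the directory listing is a constructed set of names.

```python
import re

MAX_ROTATE = 999999  # upper bound stated in the README


def expand(template, values):
    """Replace $NAME variables from `values`; unknown variables are left as-is."""
    return re.sub(r"\$([A-Z]+)",
                  lambda m: str(values.get(m.group(1), m.group(0))), template)


def next_name(existing, template, values=None):
    """Lowest $ROTATE number whose expanded name is not already in `existing`."""
    for n in range(MAX_ROTATE + 1):
        name = expand(template, {**(values or {}), "ROTATE": n})
        if name not in existing:
            return name
    raise RuntimeError("all $ROTATE values up to 999999 are taken")


def simulate(existing, template, count, values=None):
    """Names the model creates, in creation order, starting from a directory listing."""
    seen, created = set(existing), []
    for _ in range(count):
        name = next_name(seen, template, values)
        seen.add(name)
        created.append(name)
    return created


if __name__ == "__main__":
    # Constructed listing matching the README's example: export3..export5 survive.
    print(simulate({"export3", "export4", "export5"}, "export$ROTATE", 4))
```

Because earlier numbers are reused, export0 can be newer than export5. When rebuilding a timeline from exported files, order them by modification time or by $EPOCH in the file name rather than by sequence number.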

Debug

When enabled, the Debug option will add extra information to the file being written. Debug entries will be prefixed with "DEBUG:".

Examples:

DEBUG: Flushing buffer1 every 10 seconds, using pid 22120 thread 204 at 2017-06-01T07:44:33.664Z[Etc/UTC]
DEBUG: Writing csv with pid 22120 thread 145, trying fields [timestamp,source,facility,type,message] with fields available: [syslog_time,syslog_logdesc,gl2_remote_ip,gl2_remote_port,source,syslog_disklograte,loghost,type,gl2_source_input,syslog_mem,syslog_bandwidth,file,sourceip,syslog_type,syslog_level,host,r_isodate,gl2_source_node,syslog_devid,timestamp,syslog_cpu,s_isodate,offset,syslog_subtype,level,syslog_vd,input_type,syslog_setuprate,archive,message,syslog_action,syslog_disk,name,syslog_msg,_id,syslog_totalsession,syslog_fazlograte,syslog_devname,facility,syslog_logid]
DEBUG: Rotating file every 300 seconds, using pid 22120 thread 204 at 2017-06-01T07:44:43.646Z[Etc/UTC]
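
Reading a TSV export back for analysis, as an added example that is not part of the plugin: it skips the "DEBUG:" entries that share the file with data rows, maps \N to an empty value, sets aside rows with the wrong column count, and tallies failed SSH password attempts per source address. It assumes the field order of the samples above and that values contain no embedded tabs; the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: this list mirrors the output's "Fields" setting, in the same order.
FIELDS = ["timestamp", "source", "facility", "type", "message"]
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")

# Constructed sample: the README's record, a DEBUG entry, a row with an empty
# field (\N) and a CRLF ending, and a truncated row.
SAMPLE = [
    "2017-06-01T07:43:07.481Z\thost1099-99.testnetwork.local\tfilebeat\tlog\t"
    "Jun  1 07:43:06 host1099-99.testnetwork.local sshd[26668]: "
    "Failed password for root from 123.183.209.136 port 37835 ssh2\n",
    "DEBUG: Rotating file every 300 seconds, using pid 22120 thread 204\n",
    "2017-06-01T07:43:09.102Z\thost1099-99.testnetwork.local\t\\N\tlog\t"
    "Jun  1 07:43:08 host1099-99.testnetwork.local sshd[26670]: "
    "Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2\r\n",
    "2017-06-01T07:43:10.000Z\thost1099-99.testnetwork.local\n",
]


def parse_tsv(lines):
    """Yield (record, None) for data rows and (None, raw) for rows that do not fit."""
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line or line.startswith("DEBUG:"):
            continue  # debug entries share the file with the data rows
        cells = line.split("\t")
        if len(cells) != len(FIELDS):
            yield None, line
            continue
        yield {k: None if v == "\\N" else v for k, v in zip(FIELDS, cells)}, None


def failed_logins(lines):
    """Count failed SSH password attempts per source address; keep rejected rows."""
    hits, rejected = Counter(), []
    for record, bad in parse_tsv(lines):
        if record is None:
            rejected.append(bad)
            continue
        match = FAILED.search(record["message"] or "")
        if match:
            hits[match.group(2)] += 1
    return hits, rejected


if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```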
