Configuring LogSources for API Script

Last updated on 03 May, 2023

Many resources and services use APIs to access logs. This can be cumbersome to customize and doesn’t support API filters. LogSources is a LogicModule that provides templates to help you enable LM Logs and configure log data collection and forwarding.

The LogSources for API Script logsource type, described below, helps you set up the import of API script logs into LogicMonitor. This logsource type uses a script that calls an API and collects log data at a regular interval.

Configuration Options

The following describes configuration options specific to the LogSources for API Script type of logsource. For information on how to add a logsource, see Creating LogSources.

Attributes

In the Attributes section, add an import script in Groovy format to collect log data from resources specified in the AppliesTo section. In the Schedule drop-down, select the time interval at which you want the script to be executed. Default is one minute. 

Note: For the import to work, ensure that the AppliesTo criteria correctly match the desired resources. You also need “Manage” permissions to at least one of the mapped resources. See Roles.

Include Filters

You can add filters to include resources of certain types, for example an application. The output matching the filter criteria is forwarded to the log ingestion process.

Available parameters

Attributes | Comparison operator                              | Value example
Message    | Contain, NotContain, RegexMatch, RegexNotMatch.  | Any string that is part of the message.

Log Fields/Tags

You can configure Log Fields/Tags to send additional metadata with the logs. 

Available parameters

Method             | Key example | Value example         | Description
Static             | “Customer”  | “Customer_XYZ”        |
Dynamic(REGEX)     | “Host”      | “host=*”              | The query will run on the message field.
LM Property(Token) | “Device”    | “##system.deviceId##” | The DeviceID extracted from the existing device property in LM.

Resource Mapping

Configure the LM log property to match a monitored resource.

Available parameters

Method             | Key example          | Value example           | Description
Static             | “Customer_Id”        | “1921”                  |
Dynamic(REGEX)     | “system.ServiceName” | “service=*”             | The query will run on the message field.
LM Property(Token) | “token.resourceMap”  | “syslog_test_collector” | The DeviceID extracted from the existing device property in LogicMonitor.

Script Examples

The following provides guidelines for creating import scripts for retrieving log events. Scripts are added to the Attributes section of the LogSource configuration.

A log event is a JSON object. When creating a JSON object for the output, follow these guidelines:

  • The JSON object contains all the mandatory and customized event attributes.
  • It contains a JSON array and other attributes indicating the status of the script, for example “status” and “message”.
  • The JSON array contains all the events that will be reported to LogicMonitor.

The following syntax describes the output JSON object:

output            ::= "{" "events" ":" "[" event ["," event]+ "]" ["," scriptAttribute]+ "}"
event             ::= "{" messageAttribute ["," customAttribute]+ "}"
messageAttribute  ::= "message" ":" messageText
customAttribute   ::= attributeName ":" attributeValue
messageText       ::= <any string text>
attributeName     ::= <any valid name string allowed in system>
attributeValue    ::= <any string text>

Note: messageAttribute is mandatory. If a parameter in the output cannot be parsed, the corresponding log event is discarded as being invalid.

Example 1: Script output generating a single event

{
    "events": [
        {
            "Message": "This is the message of the event",
            "customAttribute": "This is a custom attribute"
        }
    ]
}

Exit code

The import script should also include a successExitCode to indicate successful execution. 

  • It can be any integer value. Default value is “0” indicating successful execution.
  • The output is processed only if the script completes with exit code 0. If the exit code is not specified, the output is discarded to avoid partial event processing.

Example 2: Script output as json(println line)

This sample script provides output as “json (println line)”, and contains the return code “0” to indicate successful execution. The script also includes the mandatory “message” attribute in the event array.

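import groovy.json.*

// Placeholder: replace "some-url" with the URL of the API that returns the log records.
def get = new URL("some-url").openConnection()
// Read the response body as text and parse it as a JSON array of records.
def getRC = get.getInputStream().getText()
def json = new JsonSlurper().parseText(getRC)
// Copy each record's "description" into the mandatory "message" attribute,
// then drop the original "description" key.
json.each { it.putAt("message", it.getAt("description")) }
json.each { it.remove("description") }
// Wrap the records in the "events" array and print the result as JSON.
JsonBuilder builder = new JsonBuilder(json)
builder {
    events json
}
println(builder.toPrettyString())
// Exit code 0 indicates successful execution.
return 0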
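
The following is an added example, not part of the original page or of LogicMonitor's own code. It shows one way to harden the transformation step of Example 2 so that records without a usable message are dropped, attribute values are emitted as strings as the output syntax requires, and any failure ends with a non-zero exit code so no partial output is processed. The sample response, its field names (description, severity, host, tags) and the helper name toEvents are constructed for illustration.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Constructed sample API response (not real data). A live script would read
// this text from the API connection, as in Example 2.
def sampleResponse = '''[
  {"description": "User admin logged in", "severity": 3, "host": "web01"},
  {"severity": 1, "host": "web02"},
  {"description": "", "host": "web03"},
  {"description": "Password changed for user alice", "tags": ["auth", "audit"]}
]'''

// Hypothetical helper: convert API records into events that satisfy the
// output syntax (mandatory non-empty "message", string attribute values).
def toEvents = { String body ->
    def records = new JsonSlurper().parseText(body)
    if (!(records instanceof List)) {
        throw new IllegalArgumentException("expected a JSON array of records")
    }
    // Skip records with a missing or empty description instead of emitting
    // events that would be discarded as invalid.
    records.findAll { it instanceof Map && it.description }.collect { rec ->
        def event = [message: rec.description.toString()]
        rec.each { k, v ->
            if (k != "description" && v != null) {
                // Numbers, lists and objects are serialized to JSON text.
                event[k] = (v instanceof String) ? v : JsonOutput.toJson(v)
            }
        }
        event
    }
}

try {
    def events = toEvents(sampleResponse)
    println(JsonOutput.prettyPrint(JsonOutput.toJson([events: events])))
    return 0   // the output is processed only with exit code 0
} catch (Exception e) {
    // Nothing has been printed to stdout at this point, so a failure
    // leaves no partial event list behind.
    System.err.println("import failed: ${e.message}")
    return 1
}
```

With the constructed input above, the script emits two events (the first and fourth records) and returns 0.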