Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    Script Logs LogSource Configuration

    Last updated on 13 June, 2023

    Disclaimer: The LogSource LM LogicModule is currently in open Beta.

    Many resources and services use APIs to access logs. This can be cumbersome to customize and doesn’t support API filters. LogSource is a LogicModule that provides templates to help you enable LM Logs and configure log data collection and forwarding. LogSource contains details about which logs to get and where to get them, and which fields should be considered for parsing.

    The Script Logs LogSource type helps you set up the import of API script type of logs to LogicMonitor. This LogSource type uses a script that calls an API and collects log data on a regular interval.

    Configuration Options

    The following describes configuration details specific to the Script Logs typeof LogSource. For general information on how to add a LogSource, see Configuring a LogSource.

    Basic Information

    In the Collection Interval drop-down, select the time interval at which you want the script to be executed. Default is one hour. 

    Collection

    In the Collection section, add an import script in Groovy format to collect log data from the resources you specified in the AppliesTo section. 

    Note: For the import to work, ensure that the AppliesTo criteria correctly matches the desired resources. You also need “Manage” permissions to at least one of the mapped resources. For more information, see Roles.

    Include Filters

    You can add filters to include resources of certain types, for example an application. The output matching the filter criteria is forwarded to the log ingestion process.

    Available parameters

    AttributesComparison operatorValue example
    MessageContain, NotContain, RegexMatch, RegexNotMatch.Any string that is part of the message.

    Log Fields

    You can configure Log Fields (tags) to send additional metadata with the logs. 

    Available parameters

    MethodKey exampleValue exampleDescription
    Static“Customer”“Customer_XYZ”
    Dynamic(REGEX)“Host”“host=*”The query will run on the message field.
    LM Property(Token)“Device”“##system.deviceId##”The DeviceID extracted from the existing device property in LM.

    Resource Mappings

    Configure the LM log property to match a monitored resource.

    Available parameters

    MethodKey exampleValue exampleDescription
    Static“Customer_Id”“1921”
    Dynamic(REGEX)“system.ServiceName”“service=*”The query will run on the message field.
    LM Property(Token)“token.resourceMap”“syslog_test_collector”The DeviceID extracted from the existing device property in LogicMonitor.

    Examples

    The following provides guidelines for creating import scripts for retrieving log events. You add scripts to the Collection section of the LogSource configuration.

    A log event is a JSON object. When creating a JSON object for the output, ensure to follow these guidelines:

    • The JSON object contains all the mandatory and customized event attributes.
    • It contains a JSON array and other attributes indicating the status of the script, for example “status” and “message”.
    • The JSON array contains all the events that will be reported to LogicMonitor.

    The following syntax describes the output JSON object:

    output            ::= "{" "events" : "[" event ["," event]+ "]"," scriptAttribute]+ "}"
event             ::= "{" messageAttribute ["," customAttribute]+}
messageAttribute  ::= "message" ":" messageText
customAttribute   ::= attributeName ":" attributeValue
messageText       ::= <any string text>
attributeName     ::= <any valid name string allowed in system>
attributeValue    ::= <any string text>

    Note: messageAttribute is mandatory. If a parameter in the output cannot be parsed, the corresponding log event is discarded as being invalid.

    Script Output as a Single Event

    {
   "events": [
                {
                   "Message":"This is the message of the event",
                   "customAttribute":"This is a custom attribute"
                }
            ]
}

    Exit code

    The import script should also include a successExitCode to indicate successful execution. 

    • It can be any integer value. Default value is “0” indicating successful execution.
    • The output is processed only if the script completes with exit code 0. If the exit code is not specified, the output is discarded to avoid partial event processing.

    Script Output as Json(println line)

    This sample script provides output as “json (println line)”, and contains the return code “0” to indicate successful execution. The script also includes the mandatory “message” attribute in the event array.

    import groovy.json.*
 def get = new URL("sone-url").openConnection();
 def getRC = get.getInputStream().getText() 
 def json = new JsonSlurper().parseText(getRC)
 json.each { it.putAt("message", it.getAt("description")) }
 json.each { it.remove("description") }
 JsonBuilder builder = new JsonBuilder(json)
 builder {
 events builder (json)
  }       println(builder.toPrettyString())
 return 0
    In This Article