-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathlogsuck-config.schema.json
334 lines (334 loc) · 14 KB
/
logsuck-config.schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
{
"$id": "https://github.com/jackbister/logsuck/logsuck-config.schema.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"additionalProperties": false,
"description": "Configuration for logsuck",
"properties": {
"$schema": {
"description": "A string containing the URL to this schema. Most likely \"https://github.com/jackbister/logsuck/logsuck-config.schema.json\", or \"./logsuck-config.schema.json\" if developing logsuck.",
"type": "string"
},
"fileTypes": {
"description": "A fileType combines configuration related to a type of file. For example you may have certain config that is only applicable to access logs, in which case you might name a fileType \"access_log\" and put access log specific config there. The special fileType \"DEFAULT\" is applied to all files. In a forwarder/recipient setup this only needs to be configured on the recipient host.",
"items": {
"additionalProperties": false,
"properties": {
"name": {
"description": "The name of this file type. Must be unique.",
"type": "string"
},
"parser": {
"properties": {
"jsonConfig": {
"autoform": {
"conditional": {
"key": "type",
"value": "JSON"
}
},
"description": "Configuration specific to the JSON parser",
"properties": {
"eventDelimiter": {
"description": "A regex specifying the delimiter between events. For example, if the file contains one event per row this should be '\\n'. Default '\\n'.",
"type": "string"
},
"timeField": {
"description": "Which field in the JSON object representing an event should be considered the timestamp of the event and placed in the _time field. Default 'ts'.",
"type": "string"
}
},
"type": "object"
},
"regexConfig": {
"autoform": {
"conditional": {
"key": "type",
"value": "Regex"
}
},
"description": "Configuration specific to the Regex parser",
"properties": {
"eventDelimiter": {
"description": "A regex specifying the delimiter between events. For example, if the file contains one event per row this should be '\\n'. Default '\\n'.",
"type": "string"
},
"fieldExtractors": {
"description": "Regular expressions which will be used to extract field values from events.\nCan be given in two variants:\n1. An expression containing any number of named capture groups. The names of the capture groups will be used as the field names and the captured strings will be used as the values.\n2. An expression with two unnamed capture groups. The first capture group will be used as the field name and the second group as the value.\nIf a field with the name '_time' is extracted and matches the given timelayout, it will be used as the timestamp of the event. Otherwise the time the event was read will be used.\nMultiple extractors can be specified by using the fieldextractor flag multiple times. Defaults \"(\\w+)=(\\w+)\" and \"(?P\u003c_time\u003e\\d\\d\\d\\d/\\d\\d/\\d\\d \\d\\d:\\d\\d:\\d\\d\\.\\d\\d\\d\\d\\d\\d)\")",
"items": {
"type": "string"
},
"type": "array"
},
"timeField": {
"description": "The name of the extracted field which should be considered the timestamp of the event and placed in the _time field. Default '_time'.",
"type": "string"
}
},
"type": "object"
},
"type": {
"description": "The name of the parser to use for this file. Default 'Regex'. Regex uses regular expressions to delimit events and extract values from them.",
"enum": [
"JSON",
"Regex"
],
"type": "string"
}
},
"type": "object"
},
"readInterval": {
"description": "The duration between checking the file for updates. A low value will make the events searchable sooner at the cost of using more CPU and doing more disk reads. Default '1s'.",
"type": "string"
},
"timeLayout": {
"description": "The layout of the _time field which will be extracted from this file. If no _time field is extracted or it doesn't match this layout, the time when the event was read will be used as the timestamp for that event. There are also the special timelayouts \"UNIX\", \"UNIX_MILLIS\", and \"UNIX_DECIMAL_NANOS\". \"UNIX\" expects the _time field to contain the number of seconds since the Unix epoch, \"UNIX_MILLIS\" expects it to contain the number of milliseconds since the Unix epoch, and UNIX_DECIMAL_NANOS expects it to contain a string of the form \"\u003cUNIX\u003e.\u003cNANOS\u003e\" where \"\u003cUNIX\u003e\" is the number of seconds since the Unix epoch and \"\u003cNANOS\u003e\" is the number of elapsed nanoseconds in that second. Default '2006/01/02 15:04:05'.",
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"files": {
"items": {
"additionalProperties": false,
"properties": {
"fileName": {
"description": "The name of the file. This can also be a glob pattern such as \"log-*.txt\".",
"type": "string"
},
"fileTypes": {
"items": {
"autoform": {
"dynamicEnum": "fileTypes"
},
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"type": "array"
},
"forceStaticConfig": {
"autoform": {
"readonly": true
},
"description": "If enabled, the JSON configuration file will be used instead of the configuration saved in the database. This means that you cannot alter configuration at runtime and must instead update the JSON file and restart logsuck. Has no effect in forwarder mode. Default false.",
"type": "boolean"
},
"forwarder": {
"additionalProperties": false,
"autoform": {
"readonly": true
},
"description": "Configuration for running in forwarder mode, where events will be pushed to a recipient instance of logsuck instead of being saved locally.",
"properties": {
"configPollInterval": {
"description": "How often the forwarder should poll for configuration updates from the recipient. Must be a string like '1m', '15s', etc. Default '1m'.",
"type": "string"
},
"enabled": {
"description": "Whether forwarding mode should be enabled or not. Default false.",
"type": "boolean"
},
"maxBufferedEvents": {
"description": "If the forwarder is unable to reach the recipient, events will begin to queue up. maxBufferedEvents is the maximum size of that queue. If maxBufferedEvents is exceeded before the forwarder can reach the recipient again, events will be lost.",
"type": "number"
},
"recipientAddress": {
"description": "The URL where the recipient instance is running. Default 'localhost:8081'.",
"type": "string"
}
},
"type": "object"
},
"host": {
"additionalProperties": false,
"description": "Configuration related to the current host machine.",
"properties": {
"name": {
"autoform": {
"readonly": true
},
"description": "The name of the host running this instance of logsuck. If empty or unset, logsuck will attempt to retrieve the hostname from the operating system.",
"type": "string"
},
"type": {
"autoform": {
"dynamicEnum": "hostTypes",
"readonly": true
},
"description": "The type of this host. Must be a key of the \"hostTypes\" object. This will define what files will be read by this instance of logsuck.",
"type": "string"
}
},
"type": "object"
},
"hostTypes": {
"description": "A hostType contains configuration related to a type of host. For example your web server hosts may have different configuration than your database server hosts. The special hostType \"DEFAULT\" is applied to all hosts. In a forwarder/recipient setup this only needs to be configured on the recipient host.",
"items": {
"additionalProperties": false,
"properties": {
"files": {
"description": "The files which should be indexed.",
"items": {
"properties": {
"fileName": {
"autoform": {
"dynamicEnum": "files"
},
"description": "The name of the file. This can also be a glob pattern such as \"log-*.txt\".",
"type": "string"
}
},
"required": [
"fileName"
],
"type": "object"
},
"type": "array"
},
"name": {
"description": "The name of the host type. Must be unique.",
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"plugins": {
"autoform": {
"displayAsArray": true
},
"properties": {},
"type": "object"
},
"recipient": {
"additionalProperties": false,
"autoform": {
"readonly": true
},
"description": "Configuration for running in recipient mode, where events will be rececived from other logsuck instances in forwarder mode instead of reading directly from the log files.",
"properties": {
"address": {
"description": "The addreess where the API endpoints that the forwarders will communicate with should be exposed. Default ':8081'.",
"type": "string"
},
"enabled": {
"description": "Whether recipient mode should be enabled or not. Default false.",
"type": "boolean"
}
},
"type": "object"
},
"sqlite": {
"$id": "https://github.com/jackbister/logsuck/plugins/sqlite_common/sqlite_common.schema.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"additionalProperties": false,
"autoform": {
"readonly": true
},
"description": "Configuration for @sqlite_common Logsuck plugin",
"properties": {
"fileName": {
"description": "The file name which will be used for the SQLite database. Default 'logsuck.db'.",
"type": "string"
},
"trueBatch": {
"description": "Whether Logsuck should use 'true batch' mode or not. True batch is significantly faster at saving events on average, but is slower at handling duplicates and relies on SQLite behavior which may not be guaranteed. Default true.",
"type": "boolean"
}
},
"title": "@sqlite_common",
"type": "object"
},
"tasks": {
"autoform": {
"displayAsArray": true
},
"properties": {
"@logsuck/DeleteOldEventsTask": {
"properties": {
"config": {
"properties": {
"minAge": {
"type": "string"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"interval": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"web": {
"additionalProperties": false,
"description": "Configuration for the web GUI used to access logsuck. In a forwarder/recipient setup this only needs to be configured on the recipient host.",
"properties": {
"address": {
"description": "The address where the web server will be exposed. Default ':8080'.",
"type": "string"
},
"debugMode": {
"description": "Enables debug mode in the web server, which may enable features such as extra logging. Default false.",
"type": "boolean"
},
"enabled": {
"autoform": {
"readonly": true
},
"description": "Whether the web server should run. Defaults to true unless the configuration specifies that this logsuck instance should run in forwarder mode.",
"type": "boolean"
},
"usePackagedFiles": {
"description": "If true, all static files will be served using the files that are bundled into the executable. If false, the normal filesystem will be used (which means the directory './internal/web/static/dist' must exist in the working directory). This is mostly useful when developing. Default true.",
"type": "boolean"
}
},
"type": "object"
}
},
"tasks": {
"tasks": {
"autoform": {
"displayAsArray": true
},
"properties": {
"@logsuck/DeleteOldEventsTask": {
"properties": {
"config": {
"properties": {
"minAge": {
"type": "string"
}
},
"type": "object"
},
"enabled": {
"type": "boolean"
},
"interval": {
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
}
},
"title": "Logsuck Config",
"type": "object"
}