title | keywords | description | ||||
---|---|---|---|---|---|---|
loggly |
|
This document contains information about the Apache APISIX loggly Plugin. |
The loggly
Plugin is used to forward logs to SolarWinds Loggly for analysis and storage.
When the Plugin is enabled, APISIX will serialize the request context information to Loggly Syslog data format which is Syslog events with RFC5424 compliant headers.
When the maximum batch size is exceeded, the data in the queue is pushed to Loggly enterprise syslog endpoint. See batch processor for more details.
Name | Type | Required | Default | Description |
---|---|---|---|---|
customer_token | string | True | Unique identifier used when sending logs to Loggly to ensure that they are sent to the right organisation account. | |
severity | string (enum) | False | INFO | Syslog log event severity level. Choose between: DEBUG , INFO , NOTICE , WARNING , ERR , CRIT , ALERT , and EMEGR . |
severity_map | object | False | nil | A way to map upstream HTTP response codes to Syslog severity. Key-value pairs where keys are the HTTP response codes and the values are the Syslog severity levels. For example {"410": "CRIT"} . |
tags | array | False | Metadata to be included with any event log to aid in segmentation and filtering. | |
log_format | object | False | {"host": "$host", "@timestamp": "$time_iso8601", "client_ip": "$remote_addr"} | Log format declared as key value pairs in JSON format. Values only support strings. APISIX or Nginx variables can be used by prefixing the string with $ . |
include_req_body | boolean | False | false | When set to true includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations. |
include_resp_body | boolean | False | false | When set to true includes the response body in the log. |
include_resp_body_expr | array | False | When the include_resp_body attribute is set to true , use this to filter based on lua-resty-expr. If present, only logs the response if the expression evaluates to true . |
This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5
seconds or when the data in the queue reaches 1000
. See Batch Processor for more information or setting your custom configuration.
To generate a Customer token, go to <your assigned subdomain>/loggly.com/tokens
or navigate to Logs > Source setup > Customer tokens.
You can also configure the Plugin through Plugin metadata. The following configurations are available:
Name | Type | Required | Default | Valid values | Description |
---|---|---|---|---|---|
host | string | False | "logs-01.loggly.com" | Endpoint of the host where the logs are being sent. | |
port | integer | False | 514 | Loggly port to connect to. Only used for syslog protocol. |
|
timeout | integer | False | 5000 | Loggly send data request timeout in milliseconds. | |
protocol | string | False | "syslog" | [ "syslog" , "http", "https" ] | Protocol in which the logs are sent to Loggly. |
log_format | object | False | nil | Log format declared as key value pairs in JSON format. Values only support strings. APISIX or Nginx variables can be used by prefixing the string with $ . |
We support Syslog, HTTP/S (bulk endpoint) protocols to send log events to Loggly. By default, in APISIX side, the protocol is set to "syslog". It lets you send RFC5424 compliant syslog events with some fine-grained control (log severity mapping based on upstream HTTP response code). But HTTP/S bulk endpoint is great to send larger batches of log events with faster transmission speed. If you wish to update it, just update the metadata.
:::note
APISIX supports Syslog and HTTP/S protocols to send data to Loggly. Syslog lets you send RFC5424 compliant syslog events with fine-grained control. But, HTTP/S bulk endpoint is better while sending large batches of logs at a fast transmission speed. You can configure the metadata to update the protocol as shown below:
curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/loggly -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"protocol": "http"
}'
:::
The example below shows a complete configuration of the Plugin on a specific Route:
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins":{
"loggly":{
"customer_token":"0e6fe4bf-376e-40f4-b25f-1d55cb29f5a2",
"tags":["apisix", "testroute"],
"severity":"info",
"severity_map":{
"503": "err",
"410": "alert"
},
"buffer_duration":60,
"max_retry_count":0,
"retry_delay":1,
"inactive_timeout":2,
"batch_max_size":10
}
},
"upstream":{
"type":"roundrobin",
"nodes":{
"127.0.0.1:80":1
}
},
"uri":"/index.html"
}'
The example below shows a bare minimum configuration of the Plugin on a Route:
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins":{
"loggly":{
"customer_token":"0e6fe4bf-376e-40f4-b25f-1d55cb29f5a2",
}
},
"upstream":{
"type":"roundrobin",
"nodes":{
"127.0.0.1:80":1
}
},
"uri":"/index.html"
}'
Now, if you make a request to APISIX, it will be logged in Loggly:
curl -i http://127.0.0.1:9080/index.html
You can then view the logs on your Loggly Dashboard:
To remove the file-logger
Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/index.html",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:80": 1
}
}
}'