README
¶
ECSEvent
HTTP observability middleware using the Elastic Common Schema.
ECSEvent provides middleware and utility functions for logging in the ECS format, particularly for HTTP services.
Unstable WIP, do not use.
Documentation
¶
Index ¶
- Variables
- func Nest(entry map[string]interface{}) map[string]interface{}
- func NewContext(ctx context.Context, m Monitor) context.Context
- func Unnest(entry map[string]interface{}) map[string]interface{}
- type Emitter
- type Monitor
- type MonitorOption
- type NopMonitor
- type RootMonitor
- func (rm *RootMonitor) AppendEmitter(emitter Emitter)
- func (rm *RootMonitor) Fields() map[string]interface{}
- func (rm *RootMonitor) Record(event map[string]interface{})
- func (rm *RootMonitor) Root() *RootMonitor
- func (rm *RootMonitor) SetStackdriverLogging(enabled bool)
- func (rm *RootMonitor) SetTracer(tracer opentracing.Tracer)
- func (rm *RootMonitor) Tracer() opentracing.Tracer
- func (rm *RootMonitor) UpdateFields(fields map[string]interface{})
- func (rm *RootMonitor) WithContext(ctx context.Context) context.Context
- type SpanMonitor
- func (sm *SpanMonitor) Fields() map[string]interface{}
- func (sm *SpanMonitor) Finish()
- func (sm *SpanMonitor) Parent() Monitor
- func (sm *SpanMonitor) Record(event map[string]interface{})
- func (sm *SpanMonitor) Root() *RootMonitor
- func (sm *SpanMonitor) Suppress()
- func (sm *SpanMonitor) UpdateFields(fields map[string]interface{})
- func (sm *SpanMonitor) WithContext(ctx context.Context) context.Context
- type SpanMonitorOption
Constants ¶
This section is empty.
Variables ¶
View Source
var ( FieldTimestamp = "@timestamp" FieldLabels = "labels" FieldTags = "tags" FieldMessage = "message" FieldAgentEphemeralID = "agent.ephemeral_id" FieldAgentID = "agent.id" FieldAgentName = "agent.name" FieldAgentType = "agent.type" FieldAgentVersion = "agent.version" FieldClientAddress = "client.address" FieldClientBytes = "client.bytes" FieldClientDomain = "client.domain" FieldClientIP = "client.ip" FieldClientMAC = "client.mac" FieldClientPackets = "client.packets" FieldClientPort = "client.port" FieldClientGeoCityName = "client.geo.city_name" FieldClientGeoContinentName = "client.geo.continent_name" FieldClientGeoCountryISOCode = "client.geo.country_iso_code" FieldClientGeoCountryName = "client.geo.country_name" FieldClientGeoLocation = "client.geo.location" FieldClientGeoName = "client.geo.name" FieldClientGeoRegionISOCode = "client.geo.region_iso_code" FieldClientGeoRegionName = "client.geo.region_name" FieldClientUserEmail = "client.user.email" FieldClientUserFullName = "client.user.full_name" FieldClientUserGroupID = "client.user.group.id" FieldClientUserGroupName = "client.user.group.name" FieldClientUserHash = "client.user.hash" FieldClientUserID = "client.user.id" FieldClientUserName = "client.user.name" FieldCloudAccountID = "cloud.account.id" FieldCloudAvailabilityZone = "cloud.availability_zone" FieldCloudInstanceID = "cloud.instance.id" FieldCloudInstanceName = "cloud.instance.name" FieldCloudMachineType = "cloud.machine.type" FieldCloudProvider = "cloud.provider" FieldCloudRegion = "cloud.region" FieldContainerID = "container.id" FieldContainerImageName = "container.image.name" FieldContainerImageTag = "container.image.tag" FieldContainerLabels = "container.labels" FieldContainerName = "container.name" FieldContainerRuntime = "container.runtime" FieldDestinationAddress = "destination.address" FieldDestinationBytes = "destination.bytes" FieldDestinationDomain = "destination.domain" FieldDestinationIP = "destination.ip" FieldDestinationMAC = "destination.mac" FieldDestinationPackets = "destination.packets" FieldDestinationPort = "destination.port" FieldDestinationGeoCityName = "destination.geo.city_name" FieldDestinationGeoContinentName = "destination.geo.continent_name" FieldDestinationGeoCountryISOCode = "destination.geo.country_iso_code" FieldDestinationGeoCountryName = "destination.geo.country_name" FieldDestinationGeoLocation = "destination.geo.location" FieldDestinationGeoName = "destination.geo.name" FieldDestinationGeoRegionISOCode = "destination.geo.region_iso_code" FieldDestinationGeoRegionName = "destination.geo.region_name" FieldDestinationUserEmail = "destination.user.email" FieldDestinationUserFullName = "destination.user.full_name" FieldDestinationUserGroupID = "destination.user.group.id" FieldDestinationUserGroupName = "destination.user.group.name" FieldDestinationUserHash = "destination.user.hash" FieldDestinationUserID = "destination.user.id" FieldDestinationUserName = "destination.user.name" FieldECSVersion = "ecs.version" FieldErrorCode = "error.code" FieldErrorID = "error.id" FieldErrorMessage = "error.message" FieldErrorStackTrace = "error.stack_trace" FieldEventAction = "event.action" FieldEventCategory = "event.category" FieldEventCreated = "event.created" FieldEventDataset = "event.dataset" FieldEventDuration = "event.duration" FieldEventEnd = "event.end" FieldEventHash = "event.hash" FieldEventKind = "event.kind" FieldEventModule = "event.module" FieldEventOriginal = "event.original" FieldEventOutcome = "event.outcome" FieldEventRiskScore = "event.risk_score" FieldEventRiskScoreNorm = "event.risk_score_norm" FieldEventSeverity = "event.severity" FieldEventStart = "event.start" FieldEventSubevents = "event.subevents" FieldEventTimezone = "event.timezone" FieldEventType = "event.type" FieldFileCTime = "file.ctime" FieldFileDevice = "file.device" FieldFileExtension = "file.extension" FieldFileGID = "file.gid" FieldFileGroup = "file.group" FieldFileINode = "file.inode" FieldFileMode = "file.mode" FieldFileMTime = "file.mtime" FieldFileOwner = "file.owner" FieldFilePath = "file.path" FieldFileSize = "file.size" FieldFileTargetPath = "file.target_path" FieldFileType = "file.type" FieldFileUID = "file.uid" FieldGroupID = "group.id" FieldGroupName = "group.name" FieldHostArchitecture = "host.architecture" FieldHostHostname = "host.hostname" FieldHostID = "host.id" FieldHostIP = "host.ip" FieldHostMAC = "host.mac" FieldHostName = "host.name" FieldHostType = "host.type" FieldHostGeoCityName = "host.geo.city_name" FieldHostGeoContinentName = "host.geo.continent_name" FieldHostGeoCountryISOCode = "host.geo.country_iso_code" FieldHostGeoCountryName = "host.geo.country_name" FieldHostGeoLocation = "host.geo.location" FieldHostGeoName = "host.geo.name" FieldHostGeoRegionISOCode = "host.geo.region_iso_code" FieldHostGeoRegionName = "host.geo.region_name" FieldHostOSFamily = "host.os.family" FieldHostOSFull = "host.os.full" FieldHostOSKernel = "host.os.kernel" FieldHostOSName = "host.os.name" FieldHostOSPlatform = "host.os.platform" FieldHostOSVersion = "host.os.version" FieldHostUserEmail = "host.user.email" FieldHostUserFullName = "host.user.full_name" FieldHostUserGroupID = "host.user.group.id" FieldHostUserGroupName = "host.user.group.name" FieldHostUserHash = "host.user.hash" FieldHostUserID = "host.user.id" FieldHostUserName = "host.user.name" FieldHTTPRequestBodyBytes = "http.request.body.bytes" FieldHTTPRequestBodyContent = "http.request.body.content" FieldHTTPRequestBytes = "http.request.bytes" FieldHTTPRequestMethod = "http.request.method" FieldHTTPRequestReferrer = "http.request.referrer" FieldHTTPResponseBodyBytes = "http.response.body.bytes" FieldHTTPResponseBodyContent = "http.response.body.content" FieldHTTPResponseBytes = "http.response.bytes" FieldHTTPResponseStatusCode = "http.response.status_code" FieldHTTPVersion = "http.version" FieldLogLevel = "log.level" FieldLogOriginal = "log.original" FieldNetworkApplication = "network.application" FieldNetworkBytes = "network.bytes" FieldNetworkCommunityID = "network.community_id" FieldNetworkDirection = "network.direction" FieldNetworkForwardedIP = "network.forwarded_ip" FieldNetworkIANANumber = "network.iana_number" FieldNetworkName = "network.name" FieldNetworkPackets = "network.packets" FieldNetworkProtocol = "network.protocol" FieldNetworkTransport = "network.transport" FieldNetworkType = "network.type" FieldObserverHostname = "observer.hostname" FieldObserverIP = "observer.ip" FieldObserverMAC = "observer.mac" FieldObserverSerialNumber = "observer.serial_number" FieldObserverType = "observer.type" FieldObserverVendor = "observer.vendor" FieldObserverVersion = "observer.version" FieldObserverOSFamily = "observer.os.family" FieldObserverOSFull = "observer.os.full" FieldObserverOSKernel = "observer.os.kernel" FieldObserverOSName = "observer.os.name" FieldObserverOSPlatform = "observer.os.platform" FieldObserverOSVersion = "observer.os.version" FieldOrganizationID = "organization.id" FieldOrganizationName = "organization.name" FieldProcessArgs = "process.args" FieldProcessExecutable = "process.executable" FieldProcessName = "process.name" FieldProcessPID = "process.pid" FieldProcessPPID = "process.ppid" FieldProcessStart = "process.start" FieldProcessThreadID = "process.thread.id" FieldProcessTitle = "process.title" FieldProcessWorkingDirectory = "process.working_directory" FieldRelatedIP = "related.ip" FieldServerAddress = "server.address" FieldServerBytes = "server.bytes" FieldServerDomain = "server.domain" FieldServerIP = "server.ip" FieldServerMAC = "server.mac" FieldServerPackets = "server.packets" FieldServerPort = "server.port" FieldServerGeoCityName = "server.geo.city_name" FieldServerGeoContinentName = "server.geo.continent_name" FieldServerGeoCountryISOCode = "server.geo.country_iso_code" FieldServerGeoCountryName = "server.geo.country_name" FieldServerGeoLocation = "server.geo.location" FieldServerGeoName = "server.geo.name" FieldServerGeoRegionISOCode = "server.geo.region_iso_code" FieldServerGeoRegionName = "server.geo.region_name" FieldServerUserEmail = "server.user.email" FieldServerUserFullName = "server.user.full_name" FieldServerUserGroupID = "server.user.group.id" FieldServerUserGroupName = "server.user.group.name" FieldServerUserHash = "server.user.hash" FieldServerUserID = "server.user.id" FieldServerUserName = "server.user.name" FieldServiceEphemeralID = "service.ephemeral_id" FieldServiceID = "service.id" FieldServiceName = "service.name" FieldServiceState = "service.state" FieldServiceType = "service.type" FieldServiceVersion = "service.version" FieldSourceAddress = "source.address" FieldSourceBytes = "source.bytes" FieldSourceDomain = "source.domain" FieldSourceIP = "source.ip" FieldSourceMAC = "source.mac" FieldSourcePackets = "source.packets" FieldSourcePort = "source.port" FieldSourceGeoCityName = "source.geo.city_name" FieldSourceGeoContinentName = "source.geo.continent_name" FieldSourceGeoCountryISOCode = "source.geo.country_iso_code" FieldSourceGeoCountryName = "source.geo.country_name" FieldSourceGeoLocation = "source.geo.location" FieldSourceGeoName = "source.geo.name" FieldSourceGeoRegionISOCode = "source.geo.region_iso_code" FieldSourceGeoRegionName = "source.geo.region_name" FieldSourceUserEmail = "source.user.email" FieldSourceUserFullName = "source.user.full_name" FieldSourceUserGroupID = "source.user.group.id" FieldSourceUserGroupName = "source.user.group.name" FieldSourceUserHash = "source.user.hash" FieldSourceUserID = "source.user.id" FieldSourceUserName = "source.user.name" FieldURLDomain = "url.domain" FieldURLFragment = "url.fragment" FieldURLFull = "url.full" FieldURLOriginal = "url.original" FieldURLPassword = "url.password" FieldURLPath = "url.path" FieldURLPort = "url.port" FieldURLQuery = "url.query" FieldURLScheme = "url.scheme" FieldURLUsername = "url.username" FieldUserEmail = "user.email" FieldUserFullName = "user.full_name" FieldUserGroupID = "user.group.id" FieldUserGroupName = "user.group.name" FieldUserHash = "user.hash" FieldUserID = "user.id" FieldUserName = "user.name" FieldUserAgentDeviceName = "user_agent.device.name" FieldUserAgentName = "user_agent.name" FieldUserAgentOriginal = "user_agent.original" FieldUserAgentVersion = "user_agent.version" )
Field name constants for the Elastic Common Schema. See: https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html
Functions ¶
Types ¶
type Emitter ¶
type Emitter interface {
// Emit takes a flat map of ECS fields and values, converts it to a nested
// map, and emits the event on the underlying logger implementation.
Emit(event map[string]interface{})
}
Emitter is a common interface for all ECSEvent adapters.
type Monitor ¶
type Monitor interface {
Fields() map[string]interface{}
UpdateFields(map[string]interface{})
Record(map[string]interface{})
Root() *RootMonitor
}
func MonitorFromContext ¶
func New ¶
func New(opts ...MonitorOption) Monitor
New creates a new RootMonitor with the given MonitorOption functions applied.
type MonitorOption ¶
type MonitorOption func(*RootMonitor)
MonitorOption configure a RootMonitor as it's being initialized.
func NestEvents ¶
func NestEvents(nested bool) MonitorOption
NestEvents controls whether event fields should be nested or left in dot-notated format.
func Stackdriver ¶
func Stackdriver(stackdriver bool) MonitorOption
Stackdriver controls whether ECS events will automatically convert to the special fields expected by Stackdriver.
The original ECS values will still be logged, but new Stackdriver values will also be created in the expected fields with any necessary transforms applied.
func Tracer ¶
func Tracer(tracer opentracing.Tracer) MonitorOption
Tracer associates a Monitor with an opentracing tracer.
type NopMonitor ¶
type NopMonitor struct {
}
NopMonitor is a disabled monitor for which all operation are no-op.
func (*NopMonitor) Fields ¶
func (nm *NopMonitor) Fields() map[string]interface{}
Fields returns a throw-away, always empty map of the fields.
func (*NopMonitor) Record ¶
func (nm *NopMonitor) Record(event map[string]interface{})
Record does nothing.
func (*NopMonitor) UpdateFields ¶
func (nm *NopMonitor) UpdateFields(event map[string]interface{})
UpdateFields does nothing.
type RootMonitor ¶
type RootMonitor struct {
// contains filtered or unexported fields
}
func NewRootMonitor ¶
func NewRootMonitor(opts ...MonitorOption) *RootMonitor
NewRootMonitor creates a new RootMonitor with the given MonitorOption functions applied.
func (*RootMonitor) AppendEmitter ¶
func (rm *RootMonitor) AppendEmitter(emitter Emitter)
AppendEmitter adds an emitter to the RootMonitor's emitter list.
This function is intended to be used inside of a MonitorOption function and generally should not be used outside of initialization.
func (*RootMonitor) Fields ¶
func (rm *RootMonitor) Fields() map[string]interface{}
Fields returns the fields currently set on the monitor.
func (*RootMonitor) Record ¶
func (rm *RootMonitor) Record(event map[string]interface{})
Record takes a series of fields and records an event.
func (*RootMonitor) SetStackdriverLogging ¶
func (rm *RootMonitor) SetStackdriverLogging(enabled bool)
SetStackdriverLogging enables or disables translation of ECS events into the fields needed by Stackdriver.
func (*RootMonitor) SetTracer ¶
func (rm *RootMonitor) SetTracer(tracer opentracing.Tracer)
SetTracer sets the tracer for the RootMonitor. Unlike emitters, there can be only one tracer.
This function is intended to be used inside of a MonitorOption function and generally should not be used outside of initialization.
func (*RootMonitor) Tracer ¶
func (rm *RootMonitor) Tracer() opentracing.Tracer
Tracer returns the tracer for the RootMonitor. Unlike emitters, there can be only one tracer.
func (*RootMonitor) UpdateFields ¶
func (rm *RootMonitor) UpdateFields(fields map[string]interface{})
UpdateFields updates the RootMonitor's Field set.
func (*RootMonitor) WithContext ¶
func (rm *RootMonitor) WithContext(ctx context.Context) context.Context
type SpanMonitor ¶
type SpanMonitor struct {
// SubeventsField is the field that all subevents will be recorded under.
// If no SubeventsField is set, subevents will be recorded to emitters as
// separate events. Has no effect on subevents emitted to an opentracing
// span.
SubeventsField string
// contains filtered or unexported fields
}
SpanMonitor is a short-lived monitor with additional contextual fields. It's typically used in conjunction with a Context. It relies on a parent Monitor to emit.
func NewSpanMonitorFromParent ¶
func NewSpanMonitorFromParent(m Monitor, opts ...SpanMonitorOption) *SpanMonitor
NewSpanMonitorFromParent creates a new
func (*SpanMonitor) Fields ¶
func (sm *SpanMonitor) Fields() map[string]interface{}
func (*SpanMonitor) Finish ¶
func (sm *SpanMonitor) Finish()
func (*SpanMonitor) Parent ¶
func (sm *SpanMonitor) Parent() Monitor
Parent returns the parent logger.
func (*SpanMonitor) Record ¶
func (sm *SpanMonitor) Record(event map[string]interface{})
Record takes a series of fields and records an event.
func (*SpanMonitor) Root ¶
func (sm *SpanMonitor) Root() *RootMonitor
Root returns the root monitor for the monitor tree. If the top level monitor is not a RootMonitor, it will return nil.
func (*SpanMonitor) Suppress ¶
func (sm *SpanMonitor) Suppress()
Suppress causes this span monitor to emit nothing.
func (*SpanMonitor) UpdateFields ¶
func (sm *SpanMonitor) UpdateFields(fields map[string]interface{})
UpdateFields updates the SpanMonitor's field set.
func (*SpanMonitor) WithContext ¶
func (sm *SpanMonitor) WithContext(ctx context.Context) context.Context
type SpanMonitorOption ¶
type SpanMonitorOption func(*SpanMonitor)
SpanMonitorOption configure a GlobalMonitor as it's being initialized.
func WithOpenTracingSpan ¶
func WithOpenTracingSpan(span opentracing.Span) SpanMonitorOption
WithOpenTracingSpan associates an opentracing span with the span monitor.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.