Skip to content

Instantly share code, notes, and snippets.

@bedge

bedge/sumo-app.json

Last active March 20, 2021 16:04
Show Gist options
  • Save bedge/da36aa293bc40f776e91cab7d0ffe031 to your computer and use it in GitHub Desktop.
Save bedge/da36aa293bc40f776e91cab7d0ffe031 to your computer and use it in GitHub Desktop.
Download ZIP
Sumo collector json mask rule syntax for json log message field names wacky escaping required, eg: {"username":"name to redact"}
Raw
sumo-app.json
{
"api.version":"v1",
"sources":[
{
"name": "app.log",
"description": "app.log json",
"category": "product/app",
"timezone": "UTC",
"sourceType": "LocalFile",
"forceTimeZone": true,
"pathExpression": "/var/log/app.log",
"filters":[{
"filterType":"Mask",
"name":"userName",
"regexp":"\\\\\"userName\\\\\":\\\\\"([^\\\\\"]+)\\\\\",",
"mask":"USERNAME_MASK"
},{
"filterType":"Mask",
"name":"email",
"regexp":"\\\\\"email\\\\\":\\\\\"([^\\\\\"]+)\\\\\",",
"mask":"EMAIL_MASK"
},{
"filterType":"Mask",
"name":"firstname",
"regexp":"\\\\\"firstName\\\\\":\\\\\"([^\\\\\"]+)\\\\\",",
"mask":"FIRSTNAME_MASK"
},{
"filterType":"Mask",
"name":"lastname",
"regexp":"\\\\\"lastName\\\\\":\\\\\"([^\\\\\"]+)\\\\\",",
"mask":"LASTNAME_MASK"
},{
"filterType":"Mask",
"name":"phone",
"regexp":"\\\\\"phone\\\\\":\\\\\"([^\\\\\"]+)\\\\\",",
"mask":"PHONE_MASK"
}]
}
]
}
@bedge
Copy link
Author

bedge commented Mar 20, 2021

Neither doc page, from the UI or the json config rules page allude to the level of escaping required, so maybe this will save someone a bit of time.
I ended up crafting the regex using the sumo admin UI, with the collector in "cloud mode", then using the (i) info button to dump the json and scraping that into the collector json, then flipping the collector back to "local mode" so that it picked up the local json instead of the cloud cfg.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment