
@cyrille-leclerc
Last active September 16, 2020 11:54
Sample log message emitted by a Spring Boot Application with LogBack and ECS Logging Java 0.4.0
{
"_index": "filebeat-7.8.0-2020.06.24-000001",
"_type": "_doc",
"_id": "oy__enMBfU2mhA8u4WlE",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-07-23T09:27:35.648Z",
"service.name": "com-shoppingcart_frontend",
"trace.id": "831a953a92e2e3934aef79444130cc7a",
"fields": {
"env": "staging"
},
"agent": {
"hostname": "cyrille-laptop",
"ephemeral_id": "629b01e7-bc0c-48b8-9779-eee84c21500a",
"id": "e1d83b8a-38df-4a55-be4c-9dc4dea879cd",
"name": "cyrille-laptop",
"type": "filebeat",
"version": "7.8.0"
},
"host": {
"ip": [
...
],
"mac": [
...
],
"hostname": "cyrille-laptop",
"name": "cyrille-laptop",
"architecture": "x86_64",
"os": {
"platform": "darwin",
"version": "10.15.6",
"family": "darwin",
"name": "Mac OS X",
"kernel": "19.6.0",
"build": "19G73"
},
"id": "04A12D9F-C409-5352-B238-99EA58CAC285"
},
"transaction.id": "3cee608983425c61",
"log": {
"offset": 1304303,
"file": {
"path": "/usr/local/var/log/my-shopping-cart/frontend.log"
}
},
"log.level": "INFO",
"message": "SUCCESS createOrder([OrderController.OrderForm@2fdc3e85list[[OrderProductDto@506b5d96 product = [Product@43a66387 id = 6, name = 'Phone', price = 500.0], quantity = 2]]]): totalPrice: 1000.0, id:1654168",
"event.dataset": "com-shoppingcart_frontend.log",
"process.thread.name": "http-nio-8080-exec-10",
"log.logger": "com.mycompany.ecommerce.controller.OrderController",
"input": {
"type": "log"
},
"ecs": {
"version": "1.5.0"
}
},
"fields": {
"cef.extensions.flexDate1": [],
"netflow.flow_end_microseconds": [],
"netflow.system_init_time_milliseconds": [],
"netflow.flow_end_nanoseconds": [],
"misp.observed_data.last_observed": [],
"netflow.max_flow_end_microseconds": [],
"file.mtime": [],
"aws.cloudtrail.user_identity.session_context.creation_date": [],
"netflow.min_flow_start_seconds": [],
"misp.intrusion_set.first_seen": [],
"file.created": [],
"misp.threat_indicator.valid_from": [],
"process.parent.start": [],
"azure.auditlogs.properties.activity_datetime": [],
"crowdstrike.event.ProcessStartTime": [],
"zeek.ocsp.update.this": [],
"crowdstrike.event.IncidentStartTime": [],
"netflow.observation_time_microseconds": [],
"event.start": [],
"cef.extensions.agentReceiptTime": [],
"cef.extensions.oldFileModificationTime": [],
"checkpoint.subs_exp": [],
"event.end": [],
"netflow.max_flow_end_milliseconds": [],
"netflow.min_flow_start_nanoseconds": [],
"zeek.smb_files.times.changed": [],
"crowdstrike.event.StartTimestamp": [],
"netflow.flow_start_nanoseconds": [],
"netflow.flow_start_seconds": [],
"crowdstrike.event.ProcessEndTime": [],
"zeek.x509.certificate.valid.until": [],
"misp.observed_data.first_observed": [],
"netflow.exporter.timestamp": [],
"netflow.monitoring_interval_start_milli_seconds": [],
"cef.extensions.oldFileCreateTime": [],
"event.ingested": [],
"@timestamp": [
"2020-07-23T09:27:35.648Z"
],
"zeek.ocsp.update.next": [],
"crowdstrike.event.UTCTimestamp": [],
"tls.server.not_before": [],
"cef.extensions.startTime": [],
"netflow.min_flow_start_milliseconds": [],
"azure.signinlogs.properties.created_at": [],
"cef.extensions.endTime": [],
"suricata.eve.tls.notbefore": [],
"zeek.kerberos.valid.from": [],
"cef.extensions.fileCreateTime": [],
"misp.threat_indicator.valid_until": [],
"crowdstrike.event.EndTimestamp": [],
"misp.campaign.last_seen": [],
"cef.extensions.deviceReceiptTime": [],
"netflow.observation_time_seconds": [],
"crowdstrike.metadata.eventCreationTime": [],
"cef.extensions.fileModificationTime": [],
"tls.client.not_before": [],
"zeek.smb_files.times.created": [],
"zeek.smtp.date": [],
"netflow.collection_time_milliseconds": [],
"zeek.pe.compile_time": [],
"netflow.max_flow_end_seconds": [],
"tls.client.not_after": [],
"netflow.flow_start_milliseconds": [],
"event.created": [],
"package.installed": [],
"zeek.kerberos.valid.until": [],
"suricata.eve.flow.end": [],
"netflow.observation_time_milliseconds": [],
"netflow.flow_start_microseconds": [],
"tls.server.not_after": [],
"netflow.flow_end_seconds": [],
"process.start": [],
"suricata.eve.tls.notafter": [],
"zeek.snmp.up_since": [],
"azure.enqueued_time": [],
"netflow.max_flow_end_nanoseconds": [],
"misp.intrusion_set.last_seen": [],
"netflow.min_flow_start_microseconds": [],
"netflow.observation_time_nanoseconds": [],
"cef.extensions.managerReceiptTime": [],
"file.accessed": [],
"netflow.flow_end_milliseconds": [],
"misp.campaign.first_seen": [],
"netflow.min_export_seconds": [],
"suricata.eve.flow.start": [],
"suricata.eve.timestamp": [
"2020-07-23T09:27:35.648Z"
],
"cef.extensions.deviceCustomDate1": [],
"cef.extensions.deviceCustomDate2": [],
"netflow.monitoring_interval_end_milli_seconds": [],
"file.ctime": [],
"crowdstrike.event.IncidentEndTime": [],
"zeek.smb_files.times.accessed": [],
"zeek.ocsp.revoke.time": [],
"zeek.x509.certificate.valid.from": [],
"netflow.max_export_seconds": [],
"zeek.smb_files.times.modified": [],
"kafka.block_timestamp": [],
"misp.report.published": []
},
"sort": [
1595496455648
]
}
{
"@timestamp":"2020-07-23T09:27:35.648Z",
"log.level":"INFO",
"message":"SUCCESS createOrder([OrderController.OrderForm@6ad576celist[[OrderProductDto@783da093 product = [Product@1eb0be6f id = 6, name = 'Phone', price = 500.0], quantity = 2]]]): totalPrice: 1000.0, id:1850281",
"service.name":"com-shoppingcart_frontend",
"event.dataset":"com-shoppingcart_frontend.log",
"process.thread.name":"http-nio-8080-exec-1",
"log.logger":"com.mycompany.ecommerce.controller.OrderController",
"transaction.id":"3cee608983425c61",
"trace.id":"831a953a92e2e3934aef79444130cc7a"
}
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Rolling file appender that writes one ECS-formatted JSON document per log event.
  Derived from the Spring Boot default file appender, see
  https://github.com/spring-projects/spring-boot/blob/v2.2.5.RELEASE/spring-boot-project/spring-boot/src/main/resources/org/springframework/boot/logging/logback/file-appender.xml
  The only difference visible here is the encoder: EcsEncoder replaces the pattern-based one.
-->
<included>
  <appender name="LOG_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <!--
      The ECS encoder serialises each event as a single JSON line, so the log message
      is carried as a JSON string value rather than as raw text in the file.
      serviceName is emitted as service.name and is also used for event.dataset
      (compare the sample events on this page).
    -->
    <encoder class="co.elastic.logging.logback.EcsEncoder">
      <serviceName>com-shoppingcart_frontend</serviceName>
    </encoder>

    <!-- Active log file; this is the path the log shipper has to read. -->
    <file>${LOG_FILE}</file>

    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
      <cleanHistoryOnStart>${LOG_FILE_CLEAN_HISTORY_ON_START:-false}</cleanHistoryOnStart>
      <!-- Daily archives, gzip-compressed, with an index for size-based rolls within a day. -->
      <fileNamePattern>${ROLLING_FILE_NAME_PATTERN:-${LOG_FILE}.%d{yyyy-MM-dd}.%i.gz}</fileNamePattern>
      <maxFileSize>${LOG_FILE_MAX_SIZE:-10MB}</maxFileSize>
      <!--
        Local retention: 7 daily periods by default. Events older than that exist only
        in the central store, so confirm shipping works before relying on it for investigations.
      -->
      <maxHistory>${LOG_FILE_MAX_HISTORY:-7}</maxHistory>
      <!--
        0 means no total size cap in Logback. With no cap, disk use is bounded only by
        maxHistory and the log volume; set LOG_FILE_TOTAL_SIZE_CAP if request-driven
        logging could fill the volume.
      -->
      <totalSizeCap>${LOG_FILE_TOTAL_SIZE_CAP:-0}</totalSizeCap>
    </rollingPolicy>
  </appender>
</included>
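# Filebeat input that reads the ECS JSON log file written by the application.
# The per-input options must be nested under the list item; at column 0 they
# would be parsed as unrelated top-level keys.
filebeat.inputs:
  - type: log
    enabled: true
    # Decode each line as JSON and place the decoded keys at the top level of
    # the event, so log.level, trace.id, etc. are indexed as ECS fields.
    json.keys_under_root: true
    # Decoded keys replace the values Filebeat would otherwise set for the same
    # names (for example @timestamp). Whoever can write to the log file
    # therefore controls those fields: keep the file writable only by the
    # application account and treat them as application-asserted in detections.
    json.overwrite_keys: true
    # Add error.message / error.type to the event when a line cannot be decoded
    # as JSON, so malformed or truncated lines are visible instead of silent.
    json.add_error_key: true
    paths:
      - /usr/local/var/log/my-shopping-cart/frontend.log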