Edge Delta Log Level Detector Node

Determine and assign the log level.

  2 minute read  

Beta

Overview

The Log Level Detector Node searches for a log level pattern in the log body and creates a severity_text attribute for the discovered level. You can also define a fallback value if no level can be detected in the log.

  • incoming_data_types: log
  • outgoing_data_types: log

Example Configuration

The example captures the value of a field called level in the log body.

nodes:
- name: log_level_detector_test
  type: log_level_detector
  pattern: level=([A-Z]+)
  fallback_value: unknown

Suppose the following log is fed to the log level detector node.

timestamp=2024-05-01T09:30:00Z, node_id=node9, level=WARN, message=Exceeded memory limit, service=memory-manager, trace_id=9012ijkl

Output Log:

The node outputs the following log:

{
  "_type": "log"
  "body": "timestamp=2024-05-01T09:30:00Z, node_id=node9, level=WARN, message=Exceeded memory limit, service=memory-manager, trace_id=9012ijkl"
  "resource": {
    "config_id": "87654321-1321-69874-9456-s5123456h7"
    "ed.filepath": "test/file/path"
    "ed.tag": "ed_parallel"
    "host.name": "ED_TEST"
    "ip": "10.0.0.1"
    "src_type": "file_input"
  }
  "severity_text": "WARN"
  "timestamp": 1703767187363
}

The log level is indicated with an icon column in the log search table and in the log details pane.

Required Parameters

name

A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the YAML using the name. It must be unique across all nodes. It is a YAML list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: ​​log_level_detector

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

pattern

The pattern parameter is the Golang regex pattern that will be used to identify the log level. It can have at most one capture group. If there is no capture group, the whole matched pattern is used as the log level. If a capture group is present, a sub-match of the capture group is used as the log level. It is specified as a string and is required. See Regex Testing for details on writing effective regex patterns.

nodes:
  - name: <node name>
    type: ​​log_level_detector
    pattern: <regex pattern>

Optional Parameters

fallback_value

The fallback_value parameter is the log level to assign to the log as the log level. It is specified as a string and is optional.

nodes:
  - name: <node name>
    type: ​​log_level_detector
    pattern: <regex pattern>
    fallback_value: <fallback value>