riemannedit

This is a community-maintained plugin! It does not ship with Logstash by default, but it is easy to install by running bin/plugin install logstash-output-riemann.

Riemann is a network event stream processing system.

While Riemann is very similar conceptually to Logstash, it has much more in terms of being a monitoring system replacement.

Riemann is used in Logstash much like statsd or other metric-related outputs

You can learn about Riemann here:

 

Synopsisedit

This plugin supports the following configuration options:

Required configuration options:

riemann {
}

Available configuration options:

Setting Input type Required Default value

codec

codec

No

"plain"

debug

boolean

No

false

host

string

No

"localhost"

map_fields

boolean

No

false

port

number

No

5555

protocol

string, one of ["tcp", "udp"]

No

"tcp"

riemann_event

hash

No

sender

string

No

"%{host}"

workers

number

No

1

Detailsedit

 

codecedit

  • Value type is codec
  • Default value is "plain"

The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.

debugedit

  • Value type is boolean
  • Default value is false

Enable debugging output?

hostedit

  • Value type is string
  • Default value is "localhost"

The address of the Riemann server.

map_fieldsedit

  • Value type is boolean
  • Default value is false

If set to true automatically map all logstash defined fields to riemann event fields. All nested logstash fields will be mapped to riemann fields containing all parent keys separated by dots and the deepest value.

As an example, the logstash event:

   {
     "@timestamp":"2013-12-10T14:36:26.151+0000",
     "@version": 1,
     "message":"log message",
     "host": "host.domain.com",
     "nested_field": {
                       "key": "value"
                     }
   }

Is mapped to this riemann event:

  {
    :time 1386686186,
    :host host.domain.com,
    :message log message,
    :nested_field.key value
  }

It can be used in conjunction with or independent of the riemann_event option. When used with the riemann_event any duplicate keys receive their value from riemann_event instead of the logstash event itself.

portedit

  • Value type is number
  • Default value is 5555

The port to connect to on your Riemann server.

protocoledit

  • Value can be any of: tcp, udp
  • Default value is "tcp"

The protocol to use UDP is non-blocking TCP is blocking

Logstash’s default output behaviour is to never lose events As such, we use tcp as default here

riemann_eventedit

  • Value type is hash
  • There is no default value for this setting.

A Hash to set Riemann event fields (http://riemann.io/concepts.html).

The following event fields are supported: description, state, metric, ttl, service

Tags found on the Logstash event will automatically be added to the Riemann event.

Any other field set here will be passed to Riemann as an event attribute.

Example:

    riemann {
        riemann_event => {
            "metric"  => "%{metric}"
            "service" => "%{service}"
        }
    }

metric and ttl values will be coerced to a floating point value. Values which cannot be coerced will zero (0.0).

description, by default, will be set to the event message but can be overridden here.

senderedit

  • Value type is string
  • Default value is "%{host}"

The name of the sender. This sets the host value in the Riemann event

workersedit

  • Value type is number
  • Default value is 1

The number of workers to use for this output. Note that this setting may not be useful for all outputs.