README.md

Stanza Log Agent Documentation

This repo contains documentation for the Stanza Log Agent.

How do I configure the agent?

The agent is configured using a YAML config file that is passed in using the --config flag. This file defines a collection of operators beneath a top-level pipeline key. Each operator possesses a type and id field.

pipeline:
  - type: udp_input
    listen_address: :5141

  - type: syslog_parser
    parse_from: message
    protocol: rfc5424

  - type: elastic_output

What is an operator?

An operator is the most basic unit of log processing. Each operator fulfills only a single responsibility, such as reading lines from a file, or parsing JSON from a field. These operators are then chained together in a pipeline to achieve a desired result.

For instance, a user may read lines from a file using the file_input operator. From there, the results of this operation may be sent to a regex_parser operator that creates fields based on a regex pattern. And then finally, these results may be sent to a elastic_output operator that writes each line to Elasticsearch.

What operators are available?

Inputs:

• File input
• Windows Event Log input
• TCP input
• UDP input
• Journald input
• Generate input

Parsers:

• JSON parser
• Regex parser
• Syslog parser
• Severity parser
• Time parser

Outputs:

• Google Cloud Logging
• Elasticsearch
• Stdout

General purpose:

• Metadata
• Restructure records
• Router
• Filter
• Kubernetes Metadata Decorator
• Host Metadata
• Rate limit

Or create your own plugins for a technology-specific use case.