diff --git a/src/core/server/logging/README.md b/src/core/server/logging/README.md
index c08222bb6dfbd2..1865962ff58a62 100644
--- a/src/core/server/logging/README.md
+++ b/src/core/server/logging/README.md
@@ -330,6 +330,17 @@ Here is what we get with the config above:
 | metrics.ops | console | debug |
+For example to see _all_ log messages that fall back on the `root` logger configuration, just add one line to the configuration:
+
+```yaml
+logging.root.level: all
+```
+
+Or disable logging entirely with `off`:
+
+```yaml
+logging.root.level: off
+```
 ### Dedicated loggers
 The `root` logger has a dedicated configuration node since this context is special and should always exist. By
@@ -353,19 +364,6 @@ ops.interval: 5000
 ```
 The minimum interval is 100ms and defaults to 5000ms.
-
-For example to see _all_ log messages that fall back on the `root` logger configuration, just add one line to the configuration:
-
-```yaml
-logging.root.level: all
-```
-
-Or disable logging entirely with `off`:
-
-```yaml
-logging.root.level: off
-```
-
 ## Usage
 Usage is very straightforward, one should just get a logger for a specific context and use it to log messages with
diff --git a/src/core/server/logging/ecs.ts b/src/core/server/logging/ecs.ts
index bdddc70585a4a1..d20f54a322744b 100644
--- a/src/core/server/logging/ecs.ts
+++ b/src/core/server/logging/ecs.ts
@@ -39,8 +39,52 @@ interface EcsProcessField {
 uptime?: number;
 }
-interface EcsEventField {
- kind?: string;
- category?: string[];
+export interface EcsEventField {
+ kind?: EcsEventKind;
+ category?: EcsEventCategory[];
 type?: string;
 }
+
+export enum EcsEventKind {
+ ALERT = 'alert',
+ EVENT = 'event',
+ METRIC = 'metric',
+ STATE = 'state',
+ PIPELINE_ERROR = 'pipeline_error',
+ SIGNAL = 'signal',
+}
+
+export enum EcsEventCategory {
+ AUTHENTICATION = 'authentication',
+ CONFIGURATION = 'configuration',
+ DATABASE = 'database',
+ DRIVER = 'driver',
+ FILE = 'file',
+ HOST = 'host',
+ IAM = 'iam',
+ INTRUSION_DETECTION = 'intrusion_detection',
+ MALWARE = 'malware',
+ NETWORK = 'network',
+ PACKAGE = 'package',
+ PROCESS = 'process',
+ WEB = 'web',
+}
+
+export enum EcsEventType {
+ ACCESS = 'access',
+ ADMIN = 'admin',
+ ALLOWED = 'allowed',
+ CHANGE = 'change',
+ CONNECTION = 'connection',
+ CREATION = 'creation',
+ DELETION = 'deletion',
+ DENIED = 'denied',
+ END = 'end',
+ ERROR = 'error',
+ GROUP = 'group',
+ INFO = 'info',
+ INSTALLATION = 'installation',
+ PROTOCOL = 'protocol',
+ START = 'start',
+ USER = 'user',
+}
diff --git a/src/core/server/logging/index.ts b/src/core/server/logging/index.ts
index c7a172aeeb04ae..18a903af0a9fdf 100644
--- a/src/core/server/logging/index.ts
+++ b/src/core/server/logging/index.ts
@@ -17,7 +17,13 @@ export {
 LogLevelId,
 LogLevel,
 } from '@kbn/logging';
-export { EcsOpsMetricsEvent } from './ecs';
+export {
+ EcsOpsMetricsEvent,
+ EcsEventField,
+ EcsEventKind,
+ EcsEventCategory,
+ EcsEventType,
+} from './ecs';
 export {
 config,
 LoggingConfigType,
diff --git a/src/core/server/metrics/logging/get_ops_metrics_log.ts b/src/core/server/metrics/logging/get_ops_metrics_log.ts
index c60e9c0bc9b280..361cac0bc310c5 100644
--- a/src/core/server/metrics/logging/get_ops_metrics_log.ts
+++ b/src/core/server/metrics/logging/get_ops_metrics_log.ts
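Review bot: In `src/core/server/logging/ecs.ts`, `type?: string;` in `EcsEventField` is left as an unchanged context line, so the new `EcsEventType` enum constrains nothing: `kind` and `category` now reject unknown values at compile time, but a misspelled or free-form `event.type` still type-checks. Log consumers that filter or alert on the ECS categorization fields would silently miss such events, so I would tighten the field to `type?: EcsEventType;` (or `EcsEventType[]` if the ECS version targeted here models `event.type` as an array, which is worth confirming against the spec). The only caller visible in this diff, `getEcsOpsMetricsLog` in `get_ops_metrics_log.ts`, already passes `EcsEventType.INFO`, so the narrower type should not break it. Other producers of `EcsEventField` outside this diff may need the same update.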
@@ -7,7 +7,7 @@
 */
 import numeral from '@elastic/numeral';
-import { EcsOpsMetricsEvent } from '../../logging';
+import { EcsOpsMetricsEvent, EcsEventKind, EcsEventCategory, EcsEventType } from '../../logging';
 import { OpsMetrics } from '..';
 const ECS_VERSION = '1.7.0';
@@ -55,9 +55,9 @@ export function getEcsOpsMetricsLog(metrics: OpsMetrics): EcsOpsMetricsEvent {
 ecs: { version: ECS_VERSION },
 message: `${processMemoryUsedInBytesMsg}${uptimeValMsg}${loadValsMsg}${eventLoopDelayValMsg}`,
 event: {
- kind: 'metric',
- category: ['process', 'host'],
- type: 'info',
+ kind: EcsEventKind.METRIC,
+ category: [EcsEventCategory.PROCESS, EcsEventCategory.HOST],
+ type: EcsEventType.INFO,
 },
 process: {
 uptime: uptimeVal,