summaryrefslogtreecommitdiffstats
path: root/docs/_posts/2013-09-10-json-encoded-logs.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/_posts/2013-09-10-json-encoded-logs.md')
-rw-r--r--docs/_posts/2013-09-10-json-encoded-logs.md56
1 files changed, 56 insertions, 0 deletions
diff --git a/docs/_posts/2013-09-10-json-encoded-logs.md b/docs/_posts/2013-09-10-json-encoded-logs.md
new file mode 100644
index 0000000..1fa36a4
--- /dev/null
+++ b/docs/_posts/2013-09-10-json-encoded-logs.md
@@ -0,0 +1,56 @@
+---
+layout: post
+title: "Support for JSON-encoded logs in v0.6.1"
+date: 2013-09-10 00:00:00
+excerpt: Turning JSON barf into something readable.
+---
+
+Making logs easily digestible by machines is becoming a concern as tools like
+elasticsearch become more popular. One of the popular strategies is to encode
+the whole log message in JSON and then write that as a single line to a file.
+For example:
+
+```json
+{"time": "2013-09-04T23:55:09.274041Z", "level" : "INFO", "body" : "Hello, World!" }
+{"time": "2013-09-04T23:56:00.285224Z", "level" : "ERROR", "body" : "Something terrible has happened!", "tb": " foo.c:12\n bar.y:33" }
+```
+
+Unfortunately, what is good for a machine is not so great for a human. To try to
+improve the situation, the latest release of lnav includes support for parsing
+JSON log messages and transforming them on-the-fly. The display format is
+specified in a log format configuration and can specify which fields should be
+displayed on the main message line. Any unused fields that are found in the
+message will be displayed below the main field so you don't miss anything.
+
+The above log lines can be transformed using the following format configuration:
+
+```json
+{
+ "json_ex_log": {
+ "title": "Example JSON Log",
+ "description": "An example log format configuration for JSON logs",
+ "json": true,
+ "file-pattern": "test-log\\.json.*",
+ "level-field": "level",
+ "line-format": [
+ {
+ "field": "time"
+ },
+ " ",
+ {
+ "field": "body"
+ }
+ ]
+ }
+}
+```
+
+After copying this config to `~/.lnav/formats/test/format.json`, the log messages
+will look like this when viewed in lnav:
+
+```
+2013-09-04T23:55:09.274041Z Hello, World!
+2013-09-04T23:56:00.285224Z Something terrible has happened!
+ tb: foo.c:12
+ tb: bar.y:33
+```
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 20:39:00 +0000