Logstash-Output-Sentry Plugin

This is a plugin for Logstash.

This plugin gives you the possibility to send your output parsed with Logstash to a Sentry host.

This plugin is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

But keep in mind that this is not an official plugin, and this plugin is not supported by the Logstash community.

Documentation

Installation

You must have Logstash installed for using this plugin. You can find instructions on how to install it on the Logstash website. Maybe the easiest way to install is using their repositories.

As this plugin has been shared on RubyGems with the name logstash-output-sentry you can install it using the following command from your Logstash installation path:

bin/logstash-plugin install logstash-output-sentry

When installing from official repository as suggested below, the installation path is /opt/logstash.

Usage

Sentry is a modern error logging and aggregation platform. It's important to note that Sentry should not be thought of as a log stream, but as an aggregator. It fits somewhere in-between a simple metrics solution (such as Graphite) and a full-on log stream aggregator (like Logstash).

• In Sentry, generate and get your client key (Settings -> Client key). The client key has this form:

  [http|https]://[key]:[secret]@[host]/[project_id]
  

• Setup logstash to write to sentry:

  output {
  sentry {
  'key' => "yourkey"
  'secret' => "yoursecret"
  'project_id' => "yourprojectid"
  }
  }
  

• By default, the plugin connects to https://app.getsentry.com/api. Set the url if you have installed Sentry on your own machine:

  output {
  sentry {
  'url' => "http://local.sentry:9000/api"
  'key' => "yourkey"
  'secret' => "yoursecret"
  'project_id' => "yourprojectid"
  }
  }
  

• If you don't configure anything else, the necessary fields will be set automatically, i.e., event_id, timestamp (set to @timestamp), logger (set to "logstash") and platform (set to "other"). All the other fields from logstash are going to be put into the extra field in sentry. Additionally, the level is set to "error" and the server_name to the value of host.

• The plugin can write to all the fields that the sentry interface currently supports, i.e., timestamp, message, logger, platform, sdk, level, culprit, server_name, release, tags, environment, modules, extra, fingerprint, exception, sentry.interface.Message, stacktrace, template, breadcrumbs, contexts, request, threads, user, debug_meta, repos, sdk. To set a field, you can either read the value from another field or set it to a constant value by setting the corresponding _value:

  output {
  sentry {
  'message' => "message" # sets message to the contents of the message field
  'environment' => "[tag][Environment]" # sets message to the contents of the field Environment in tag
  'exception' => "[@metadata][sentry][exception]" # sets exception to the metadata field, see below for a complete example
  'user_value' => "nobody" # sets the user to the constant "nobody"
  
  'key' => "yourkey"
  'secret' => "yoursecret"
  'project_id' => "yourprojectid"
  }
  }
  

• You can also prepare the settings in a filter to create a cleaner config:

  input {
  syslog {
  port => 514
  type => "syslog"
  }
  

tcp { port => 1514 type => "cisco-ios" }

tcp { port => 2514 type => "application" } } filter { if [type] == "syslog" { mutate { add_field => { "[@metadata][sentry][msg]" => "%host" "[@metadata][sentry][severity]" => "%severity" "[@metadata][sentry][host]" => "192.168.1.101" "[@metadata][sentry][pid]" => "2" "[@metadata][sentry][key]" => "d3921923d34a4344878f7b83e2061229" "[@metadata][sentry][secret]" => "d0163ef306c04148aee49fe4ce7621b1" } } } else if [type] == "cisco-ios" { mutate { add_field => { "[@metadata][sentry][msg]" => "%host" "[@metadata][sentry][severity]" => "%severity" "[@metadata][sentry][host]" => "192.168.1.101" "[@metadata][sentry][pid]" => "3" "[@metadata][sentry][key]" => "d398098q2349883e206178098" "[@metadata][sentry][secret]" => "da098d890f098d09809f6098c87e0" } } } else if [type] == "application" { mutate { add_field => { "[@metadata][sentry][msg]" => "%host" "[@metadata][sentry][severity]" => "%severity" "[@metadata][sentry][host]" => "192.168.1.150" "[@metadata][sentry][pid]" => "4" "[@metadata][sentry][key]" => "d39dc435326d987d5678e98d76cf78098" "[@metadata][sentry][secret]" => "07d09876d543d2a345e43c4e567d" } } } } output { sentry { server_name => "[@metadata][sentry][host]" level => "[@metadata][sentry][severity]" message => "[@metadata][sentry][msg]"

project_id     => "%{[@metadata][sentry][pid]}"
key            => "%{[@metadata][sentry][key]}"
secret         => "%{[@metadata][sentry][secret]}"

} }

## Contributing

All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.

Note that this plugin has been written from [this Gist](https://gist.github.com/clarkdave/edaab9be9eaa9bf1ee5f).