Skip to main content
Version: 3.0

loggly

Description#

The loggly Plugin is used to forward logs to SolarWinds Loggly for analysis and storage.

When the Plugin is enabled, APISIX will serialize the request context information to Loggly Syslog data format which is Syslog events with RFC5424 compliant headers.

When the maximum batch size is exceeded, the data in the queue is pushed to Loggly enterprise syslog endpoint. See batch processor for more details.

Attributes#

NameTypeRequiredDefaultDescription
customer_tokenstringTrueUnique identifier used when sending logs to Loggly to ensure that they are sent to the right organisation account.
severitystring (enum)FalseINFOSyslog log event severity level. Choose between: DEBUG, INFO, NOTICE, WARNING, ERR, CRIT, ALERT, and EMEGR.
severity_mapobjectFalsenilA way to map upstream HTTP response codes to Syslog severity. Key-value pairs where keys are the HTTP response codes and the values are the Syslog severity levels. For example {"410": "CRIT"}.
tagsarrayFalseMetadata to be included with any event log to aid in segmentation and filtering.
include_req_bodybooleanFalsefalseWhen set to true includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations.
include_resp_bodybooleanFalsefalseWhen set to true includes the response body in the log.
include_resp_body_exprarrayFalseWhen the include_resp_body attribute is set to true, use this to filter based on lua-resty-expr. If present, only logs the response if the expression evaluates to true.

This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5 seconds or when the data in the queue reaches 1000. See Batch Processor for more information or setting your custom configuration.

To generate a Customer token, go to <your assigned subdomain>/loggly.com/tokens or navigate to Logs > Source setup > Customer tokens.

Metadata#

You can also configure the Plugin through Plugin metadata. The following configurations are available:

NameTypeRequiredDefaultValid valuesDescription
hoststringFalse"logs-01.loggly.com"Endpoint of the host where the logs are being sent.
portintegerFalse514Loggly port to connect to. Only used for syslog protocol.
timeoutintegerFalse5000Loggly send data request timeout in milliseconds.
protocolstringFalse"syslog"[ "syslog" , "http", "https" ]Protocol in which the logs are sent to Loggly.
log_formatobjectFalsenilLog format declared as key value pairs in JSON format. Values only support strings. APISIX or Nginx variables can be used by prefixing the string with $.

We support Syslog, HTTP/S (bulk endpoint) protocols to send log events to Loggly. By default, in APISIX side, the protocol is set to "syslog". It lets you send RFC5424 compliant syslog events with some fine-grained control (log severity mapping based on upstream HTTP response code). But HTTP/S bulk endpoint is great to send larger batches of log events with faster transmission speed. If you wish to update it, just update the metadata.

note

APISIX supports Syslog and HTTP/S protocols to send data to Loggly. Syslog lets you send RFC5424 compliant syslog events with fine-grained control. But, HTTP/S bulk endpoint is better while sending large batches of logs at a fast transmission speed. You can configure the metadata to update the protocol as shown below:

curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/loggly -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"protocol": "http"
}'

Enabling the Plugin#

Full configuration#

The example below shows a complete configuration of the Plugin on a specific Route:

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins":{
"loggly":{
"customer_token":"0e6fe4bf-376e-40f4-b25f-1d55cb29f5a2",
"tags":["apisix", "testroute"],
"severity":"info",
"severity_map":{
"503": "err",
"410": "alert"
},
"buffer_duration":60,
"max_retry_count":0,
"retry_delay":1,
"inactive_timeout":2,
"batch_max_size":10
}
},
"upstream":{
"type":"roundrobin",
"nodes":{
"127.0.0.1:80":1
}
},
"uri":"/index.html"
}'

Minimal configuration#

The example below shows a bare minimum configuration of the Plugin on a Route:

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins":{
"loggly":{
"customer_token":"0e6fe4bf-376e-40f4-b25f-1d55cb29f5a2",
}
},
"upstream":{
"type":"roundrobin",
"nodes":{
"127.0.0.1:80":1
}
},
"uri":"/index.html"
}'

Example usage#

Now, if you make a request to APISIX, it will be logged in Loggly:

curl -i http://127.0.0.1:9080/index.html

You can then view the logs on your Loggly Dashboard:

Disable Plugin#

To disable the file-logger Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/index.html",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:80": 1
}
}
}'