Graylog output plugin for Unomaly https://unomaly.com
This plugin is intended for streaming logs to the Unomaly REST API, so that you can algorithmically detect anomalies across your entire infrastructure.
Required Graylog version: 2.4.0 and later Required Unomaly version: 2.27 and later
Download the plugin and place the
.jar file in your Graylog plugin directory. The plugin directory is the
plugins/ folder relative from your
graylog-server directory by default and can be configured in your
graylog-server and you are done.
The Unomaly plugin will be available in Graylog like any other output plugin. It can for example be attached to one or more streams or processing pipelines. The latter is the way to go if you need to perform record transformation, like changing the source of a log event.
You can improve your development experience for the web interface part of your plugin dramatically by making use of hot reloading. To do this, do the following:
git clone https://github.com/Graylog2/graylog2-server.git
ln -s $YOURPLUGIN plugin/
npm install && npm start
By default, this plugin will use the
source field in the Graylog events as the source for events sent to Unomaly. This might not always be ideal if you are using a microservice based architecture, most likely, you’d want to find anomalies per microservice, rather than per container. You can change this behavior by adding a pipeline with rule(s) in Graylog. Example follows below where we mutate the event to have the
service_name field as the specified
source which Unomaly will see instead.
rule "transform_unomaly" when has_field("service_name") then let new_src = to_string($message.service_name); set_field("source", new_src); end
This project is using Maven 3 and requires Java 7 or higher.
- Clone this repository.
mvn packageto build a JAR file.
- Optional: Run
mvn rpm:rpmto create a DEB and RPM package respectively.
- Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
We are using the maven release plugin:
$ mvn release:prepare […] $ mvn release:perform
This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.
Bug reports and pull requests are welcome on GitHub at GitHub - unomaly/graylog-plugin-unomaly: Graylog output plugin for Unomaly https://unomaly.com. This project is intended to be a safe, welcoming space for collaboration.