Ssong sumo 76740 metadata

[samjsong]

• Added log-opt tag support. https://docs.docker.com/engine/admin/logging/log_tags/
• Added log-opt sumo-source-category. Currently supports explicit strings, but can specify {{.Tag}} in the string to include the tag in the _sourceCategory. For example: test_category/{{.Tag}}/hello
• Added HTTP headers for X-Sumo-Name and X-Sumo-Category.
• Updated README to reflect changes

[rvmiller89]

we should add the same support for _sourceHost and _sourceName

[samjsong]

should we allow the tag to be in _sourceHost and _sourceName as well?

[rvmiller89]

yep, basically 3 ways for customer to specify the metadata

[rvmiller89]

I'm confused on the usage of --log-opt tag. I would think we can actually skip specifying this, and have the user specify the 3 metadata directly, such as

--log-opt sumo-source-category="Category_{{.ImageName}}" \
--log-opt sumo-source-name="{{.Name}}/{{.ID}}" \

etc.

[samjsong]

Yeah, I agree that would probably be simpler. One issue is that the tag option is a Docker supported thing: https://docs.docker.com/engine/admin/logging/log_tags/ so it makes sense to follow this convention of using the "tag" log-opt.

A smaller issue is that Docker provides in their code a way to easily parse the tag in their loggerutils package: tag, err := loggerutils.ParseLogTag(info, loggerutils.DefaultTemplate). To support the functionality you mention, I would have to ignore this package (they hard-coded the key "tag", so it wouldn't work with "sumo-source-category"), but if you feel that this would be a much better design, I can make that change

[rvmiller89]

Yea I think we'll want to look into this more, since we have 3 metadata fields, but only 1 tag field capable of template markup, which limits the usefulness of metadata. Thoughts @bin3377 ?

[samjsong]

Definitely. One thing we could do is to support the tag in the backend, in which case one possible approach would be to support templating in the 3 metadata fields, and also to support a fourth tag metadata field.

[rvmiller89]

I wonder if we could:

1. examine all 3 metadata fields to find set of template keys
2. create an artificial tag string containing each key separated by separator, e.g. {{.ID}}_{{. ImageName}}_{{.ImageName}}
3. use ParseLogTag to resolve the template, split again, and create a lookup map of each key to resolved value
4. use lookup map to string-replace the original metadata fields from (1)

[bin3377]

The problem here is: the native docker log/stats blades don't have ability to resolve the template in -tag (which is a go-lang feature). So for sending metadata in _sourceCategory (and other 2), I proposed to use a Sumo owned tokenized template as {{.MARKUP}} {{#LABEL}} and {{$ENV}}

So if we want make the docker logging driver has best compatible with native docker blades, Ideally sumo-source-XXXX should also support all 3 types of token and also add {{.Tag}} as one extra {{.MARKUP}} so customer can get benefit by both features (from docker -tag or from Sumo {{}})

And we can even give sumo-source-category a default value of {{.Tag}} so if customer just using -tag as in other logging driver, it will be sent as _sourceCategory

[bin3377]

@yuting-liu since we may want the native blades and logging driver has identical syntax on the metadata template

[bin3377]

add few changes around the metadata part:

• if sumo-source-category is not given, use the value from HTTP source (e.g. not sending in header)
• change token {{.Tag}} to {{tag}}; so later on, it can be extended to {{tag.Id}}, {{tag.name}}, etc.
• any unrecognized token(s) will be replaced to empty
• token name is case insensitive
• extend the code to easy adopt any interpret by just modify dictionary
• unit test update for these features

small fixes:

• trim leading "/" in the container's name when using default value of _sourceName (consist with docker sources)
• validate sumo-url existing and be valid URL when initial

[bin3377]

@latkin @rvmiller89 apply the change we discussed today. Please take a look before I merge it

[bin3377]

@latkin @rvmiller89 can you guys make it higher priority since @bgoleno want it out next week and we still have some validating process on the docker store side after we finalize the code

[latkin]

Fix some typos:

This project is a plugin for the docker engine, which delivers logs to Sumo Logic by pushing log messages through an HTTP source.
This is the guide for developers who want build and extend the plugin. If you just want use this plugin in your docker environment, please refer to the [readme file](README.md).

[latkin]

If everything goes fine, you can verify that the plugin is correctly installed with:

[latkin]

This will create a bash session in a docker container and send all console contents to a Sumo Logic HTTP source as log lines

[latkin]

unite = unit

[latkin]

If we are announcing this at Illuminate we should remove this warning. (can be separate PR)

[latkin]

For all of these, "searching on" should be "searching in"

[latkin]

If not specified, the default source category configured for the HTTP source will be used.

[latkin]

"If not specified, it will be the container's name" This should be in the "Default Value" column it sounds like

[bin3377]

it's a little bit different, since default value is always a fixed value but these 3 options are actually a behavior (since you cannot specify a container's name no matter whatever string you assigned here)

[latkin]

I woudl suggest using code style for the fixed value ones, and regular text description for others.

From casual user's perspective, if the "Default Value" column is empty, then they would expect no default value.

[bin3377]

ok. make sense

[latkin]

"Use {{Tag}} as the placeholder of tag option." I think wording could be improved -- is it correct to say "Within the source name, the token {{Tag}} will be replaced with the value of the Docker tag option."

Similar for category/host.

[latkin]

Would update wording to "Specifies a tag for messages, which can be used in the 'source category', 'source name', and source host' fields. Certain tokens of the form {{X}} are supported. Default value is {{.ID}}, the first 12 characters of the container ID. Refer to the [tag log-opt documentation] for more information and a list of supported tokens."

[latkin]

Why is it incrementing by 2?

[bin3377]

it's because the return of the FindAllSubmatchIndex() actually return a pattern as begin/end index of the matching sections

[latkin]

Does != "" also handle nil/null?

[bin3377]

That's because in golang the string cannot be nil (but *string can)

[latkin]

"If not specified, it will be the machine host name" should be in "default value" column

[latkin]

I know these should never be empty, but would be good to do != "" check on these too.

[bin3377]

ok. I can add the checking

[latkin]

Looking at https://docs.docker.com/engine/admin/logging/log_tags/ it seems that if users specify a tag logopt, then the value of the tag will be injected into every log message? Is this the case?

I thought we were using it simply as an easy way to do token evaluation, then only expected the result to be included in sourceCategory, sourceHost, etc.

Besides this, overall LGTM, just a bunch of small doc suggestions and a couple small code suggestions.

[bin3377]

The behavior of tag is decided by the logging driver. For example in Splunk plugin The tag can become a json field or a prefix depends on the format of message

So yes, in sumo plugin, we decide the tag only be used in 3 metadata fields depends on the parameter given (not as prefix because the multiline processing)

[latkin]

Ok, so when a Docker + Sumo user specifies a tag, the tag value will NOT be injected into log lines? Because it is up to our driver to decide what to do with it?

[latkin]

LGTM

[bin3377]

Merge to make a tag. feel free to comment

[aidansteele]

Did you end up implementing the {{.MARKUP}}, {{#LABEL}} and {{$ENV}} functionality @bin3377? I would like to be able to use Docker container labels in both the source host and source category, but right now this appears to not be possible with the current tag workaround.

[bin3377]

Not yet. File an issue #21 for tracking it. But since we will be consistent with the tag using in other SumoLogic source types, the tags will probably be changed to the formats described on this page