Proxy configuration properties and preprocessor rules for logging.
Important: The Logs feature is enabled only for selected customers. To participate, contact your account representative or technical support.
Proxy configuration properties let you customize proxy behavior. Proxy preprocessor rules let you block, allow, or replace parts of the incoming traffic. This doc page is a reference to properties specific to the Logs feature. See Advanced Proxy Configuration and Proxy Preprocessor Rules for the properties and rule options for other kind of data.
Proxy Configuration Properties for Logs
If your logs don’t use the attributes that our logging solution expects, or if you want to customize proxy behavior otherwise, you can use proxy configuration properties to do that.
We’ve added the following configuration properties for logs to the already existing proxy configuration properties.
Properties for Changing Log Tags
Properties for Modifying Proxy Behavior
Properties for VMware Cloud Services Subscriptions
Note: Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. After this date, we support two types of subscriptions: Operations for Applications subscriptions onboarded to the VMware Cloud services platform and original subscriptions. Original subscriptions are the existing ones and they remain as is until they migrate to VMware Cloud services. The content in this section is valid for onboarded subscribers. For information about original and new subscriptions and the differences between them, see Subscription Types.
VMware Cloud services provides access to both VMware Aria Operations for Logs and VMware Aria Operations for Applications. Therefore, to send logs data and see the data on the Operations for Applications Logs Browser, you must configure the proxy with the Operations for Logs URL and token.
| Property | Description |
|---|---|
| logServerIngestionURL | The URL you use to send data to Operations for Logs. |
| logServerIngestionToken | The authorization token that was given by Operations for Logs. |
Proxy Preprocessor Rules for Logs
The Wavefront proxy includes a preprocessor that applies rules before the log data is sent to our service. Logs store data in tags, that are key-value pairs. The rules listed below, update the log tag value.
Note: For details on how to configure the rules, see Rule Configuration File.
logReplaceRegex
Replaces content in the tag value.
Parameters| Parameter | Description |
|---|---|
| action | logReplaceRegex |
| scope | Rule applies to the value of the specified log tag key |
| search | Search pattern. All substrings matching this pattern are replaced with the replacement string. |
| replace | Replacement string. The empty string is allowed. Refer to a capturing group in the search regex using $ and its number (starting from 1). For example, use $1 to refer to the first group. |
| match (optional) | Regular expression. If specified, extract the tag only if the log tag matches this regular expression. |
| iterations (optional) | Number of iterations. Recursively check and recursively replace if the output string contains the search string until the number of iterations is reached. |
| firstMatchOnly (optional) | If set to true, performs string replacement only on the first matching log tag’s value. Only applicable when scope is a log tag. Default is false. |
# searches for the word foo on the tag value if the tag key is message, and replaces the word foo with bar.
- rule : test-logreplaceregex
action : logReplaceRegex
scope : message
search : foo
replace : bar
logForceLowercase
Converts the tag key to lowercase.
Parameters| Parameter | Description |
|---|---|
| action | logForceLowercase |
| scope | Rule applies to the value of the specified log tag key. |
| match (optional) | Regular expression. If specified, convert a tag to lower case only if its value matches this regular expression. |
# forces the sourceName tag key to lowercase: (sourcename)
- rule : test-logforcelowercase
action : logForceLowercase
scope : sourceName
logAddTag and logAddTagIfNotExists
Add a log tag to all logs.
logAddTagadds the new log tag and assigns the new value to it. If you want to update the value of a log tag, you need to drop the log tag and add it again.logAddTagIfNotExistsadds the log tag only if it does not already exist.
Note: You can add up to 100 log tags. Contact your account representative if this does not meet your requirements.
Parameters
| Parameter | Description |
|---|---|
| action | logAddTag logAddTagIfNotExists |
| key | New log tag name. |
| value | New log tag value. |
# adds customTag1:val1 to all the log data.
- rule : test-logaddannotation
action : logAddTag
key : customTag1
value : "val1"
################################################################
# adds customTag2:val2 if customTag1 does not already exist
# this rule will not be active because customTag1 was added in previous rule
- rule : test-logaddTagifnotexists
action : logAddTagIfNotExists
key : customTag1
value : "val2"
logDropTag
Removes a log tag that matches a regex string.
Parameters| Parameter | Description |
|---|---|
| action | logDropTag |
| key | Log tag name (or a regex matching the tag name). |
| match (optional) | If specified, remove a tag only if its value matches this regular expression. |
# drops the datacenter tag if the value matches az4, az5, az6.
- rule : test-logDropTag
action : logDropTag
key : datacenter
match : "az[4-6]"
logExtractTag and logExtractTagIfNotExists
Extract a string from a log tag name, or a tag tag value and create a new log tag from that string.
- For
logExtractTag, create the new log tag. - For
logExtractTagIfNotExists, do not create the new log tag if at least one tag with this name already exists.
| Parameter | Description |
|---|---|
| action | logExtractTag logExtractTagIfNotExists |
| key | New tag name. |
| input | Rule applies to the value of the specified log tag (annotation) key.</li> </ul> |
| match (optional) | Regular expression. If specified, extract a tag only if the log tag value matches this regular expression. |
| search | Regex pattern to extract the value from. |
| replace | String or pattern that will be used as a value for the new log tag. An empty string is allowed. Refer to a capturing group in the search regex using $ and its number (starting from 1). For example, use $1 to refer to the first group. |
| replaceInput (optional) | Modify the name of the input. Refer to a capturing group in the search regex using $ and its number (starting from 1). For example, use $1 to refer to the first group. |
# turns tagtoExtract:foobar to tagToExtract:fooar and extractedTag:b
- rule : test-logExtractAnnotation
action : logExtractAnnotation
key : extractedTag
input : tagToExtract
search : "(foo)(b)(ar)"
replace : "$2"
replaceInput : "$1$3"
# same as logExtractAnnotation. if tagToExtract already exist, this rule never runs because the tag is already there.
- rule : test-logextracttagifnotexists
action : logExtractAnnotationIfNotExists
key : extractedTag
input : tagToExtract
search : "(foo)(b)(ar)"
replace : "$1"
replaceInput : "$2$3"
logRenameTag
Renames a log tag. The renaming does not affect the values stored in a log.
Parameters| Parameter | Description |
|---|---|
| action | logRenameTag |
| key | The log tag to be renamed. |
| newkey | The new name for the log tag. |
| match (optional) | If specified, renames a log tag if its value matches this regular expression. |
# replaces the tag name myDevice with device
- rule : test-logrenameannotation
action : logRenameAnnotation
key : myDevice
newkey : device
logLimitLength
Truncate or drop log tags if tag value length exceeds the limit.
Available action subtypes are truncate, truncateWithEllipsis, and drop.
| Parameter | Description |
|---|---|
| action | loglimitLength |
| scope | Rule applies to the value of the specified log tag (annotation) key. |
| actionSubtype | Allows you to determine how we limit length:
|
| maxLength | The maximum length of a log tag value. The length of the input must be greater than the maxLength for rule to be applied. |
| match (optional) | Regular expression. If specified, remove a tag if its value matches this regular expression. |
# Truncate messages longer than 1000 characters
- rule : test-loglimitlength
action : logLimitLength
maxLength : 1000
scope : message
actionSubtype : truncate
logBlock
Defines a regex that the log tags must match to be filtered out.
Parameters| Parameter | Description |
|---|---|
| action | logBlock |
| scope | Rule applies to the value of the specified log tag key after the value is parsed.</li> </ul> |
| match | A regex pattern that input lines must match to be filtered out. |
# reject all logs that contain tagToBlockList:[only lower case alphabets]
- rule : test-logBlock
action : logBlock
match : "^[a-z]+"
scope : tagToBlockList
logAllow
Points must match the allow list to be accepted. Multiple allow rules are allowed. A log tag must match all rules.
| Parameter | Description |
|---|---|
| action | logAllow |
| scope | Rule applies to the value of the specified log tag key after the value is parsed.</li> </ul> |
| match | A regex pattern that input lines must match to be accepted. |
# only allow logs that contain tagToWhiteList:[only numbers]
- rule : test-logAllowRegex
action : logAllow
match : "^[0-9]+"
scope : tagToAllowList
# removes all annotations not in the specified list
- rule: test-logAllowAnnotations
action: logAllow
allow:
- customTag1
- tagToExtract
- extractedTag
- device
- tagToAllowList