Unomaly Output Plugin for Graylog
This plugin is intended for streaming logs to the Unomaly REST API, so that you can algorithmically detect anomalies
across your entire infrastructure.
Required Graylog version: 2.4.0 and later
Required Unomaly version: 2.27 and later
Download the plugin
and place the
.jar file in your Graylog plugin directory. The plugin directory
plugins/ folder relative from your
graylog-server directory by default
and can be configured in your
Configuration of Graylog
graylog-server and you are done.
The Unomaly plugin will be available in Graylog like any other output plugin. It can
for example be attached to one or more streams or processing pipelines.
The latter is the way to go if you need to perform record transformation, like
changing the source of a log event.
You can improve your development experience for the web interface part of your plugin
dramatically by making use of hot reloading. To do this, do the following:
Changing the source / key in Unomaly
git clone https://github.com/Graylog2/graylog2-server.git
ln -s $YOURPLUGIN plugin/
npm install && npm start
By default, this plugin will use the
source field in the Graylog events as
the source for events sent to Unomaly. This might not always be ideal if you
are using a microservice based architecture, most likely, you'd want to find
anomalies per microservice, rather than per container. You can change this
behavior by adding a pipeline with rule(s) in Graylog. Example follows
below where we mutate the event to have the
service_name field as the
source which Unomaly will see instead.
let new_src = to_string($message.service_name);
This project is using Maven 3 and requires Java 7 or higher.
- Clone this repository.
mvn package to build a JAR file.
- Optional: Run
mvn jdeb:jdeb and
mvn rpm:rpm to create a DEB and RPM package respectively.
- Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
We are using the maven release plugin:
$ mvn release:prepare
$ mvn release:perform
This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.
Bug reports and pull requests are welcome on GitHub at
https://github.com/unomaly/graylog-plugin-unomaly. This project is intended to
be a safe, welcoming space for collaboration.