diff --git a/src/schemas/json/metricshub-connector.json b/src/schemas/json/metricshub-connector.json
index 9cc55387b0b..678761a4834 100644
--- a/src/schemas/json/metricshub-connector.json
+++ b/src/schemas/json/metricshub-connector.json
@@ -554,6 +554,105 @@
 "$ref": "#/definitions/resultContent"
 }
 }
+ },
+ {
+ "properties": {
+ "type": {
+ "type": "string",
+ "const": "eventLog"
+ },
+ "forceSerialization": {
+ "type": "boolean"
+ },
+ "computes": {
+ "$ref": "#/definitions/computes"
+ },
+ "executeForEachEntryOf": {
+ "$ref": "#/definitions/executeForEachEntryOf"
+ },
+ "logName": {
+ "type": "string",
+ "description": "Windows Event Log name"
+ },
+ "eventIds": {
+ "type": "array",
+ "description": "List of event IDs to filter",
+ "items": {
+ "type": "string"
+ }
+ },
+ "sources": {
+ "type": "array",
+ "description": "List of event sources to filter",
+ "items": {
+ "type": "string"
+ }
+ },
+ "levels": {
+ "type": "array",
+ "description": "List of event log levels to filter. Accepts level names (e.g., 'error', 'warn', 'info', 'success', 'failure') or numeric codes (1-5).",
+ "items": {
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 5
+ }
+ ]
+ }
+ },
+ "maxEventsPerPoll": {
+ "type": "integer",
+ "description": "Maximum number of events to retrieve per poll (default: 50, -1 for unlimited)",
+ "default": 50
+ }
+ }
+ },
+ {
+ "properties": {
+ "type": {
+ "type": "string",
+ "const": "file"
+ },
+ "forceSerialization": {
+ "type": "boolean"
+ },
+ "computes": {
+ "$ref": "#/definitions/computes"
+ },
+ "executeForEachEntryOf": {
+ "$ref": "#/definitions/executeForEachEntryOf"
+ },
+ "paths": {
+ "type": "array",
+ "description": "File path patterns to read (e.g., C:\\logs\\*.log, /var/log/app/*.log). Supports wildcards.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "maxSizePerPoll": {
+ "oneOf": [
+ {
+ "type": "integer",
+ "description": "Maximum number of bytes to read per polling cycle across all files (LOG mode). Use -1 for no limit. Default is 5 MB (5242880 bytes)."
+ },
+ {
+ "type": "string",
+ "description": "Maximum size per poll as a string (e.g., '5Mb', '10MB'). Supports size units."
+ }
+ ],
+ "default": 5242880
+ },
+ "mode": {
+ "type": "string",
+ "description": "Processing mode: LOG for incremental reading with cursors, or FLAT for full-file read on each poll (default: LOG).",
+ "enum": ["LOG", "FLAT"],
+ "default": "LOG"
+ }
+ }
 }
 ]
 }
diff --git a/src/schemas/json/metricshub.json b/src/schemas/json/metricshub.json
index 3927aa43157..6820c395a3b 100644
--- a/src/schemas/json/metricshub.json
+++ b/src/schemas/json/metricshub.json
@@ -1300,6 +1300,49 @@
 "default": 50
 }
 }
+ },
+ {
+ "properties": {
+ "type": {
+ "type": "string",
+ "const": "file"
+ },
+ "forceSerialization": {
+ "type": "boolean"
+ },
+ "computes": {
+ "$ref": "#/definitions/computes"
+ },
+ "executeForEachEntryOf": {
+ "$ref": "#/definitions/executeForEachEntryOf"
+ },
+ "paths": {
+ "type": "array",
+ "description": "File path patterns to read (e.g., C:\\logs\\*.log, /var/log/app/*.log). Supports wildcards.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "maxSizePerPoll": {
+ "oneOf": [
+ {
+ "type": "integer",
+ "description": "Maximum number of bytes to read per polling cycle across all files (LOG mode). Use -1 for no limit. Default is 5 MB (5242880 bytes)."
+ },
+ {
+ "type": "string",
+ "description": "Maximum size per poll as a string (e.g., '5Mb', '10MB'). Supports size units."
+ }
+ ],
+ "default": 5242880
+ },
+ "mode": {
+ "type": "string",
+ "description": "Processing mode: LOG for incremental reading with cursors, or FLAT for full-file read on each poll (default: LOG).",
+ "enum": ["LOG", "FLAT"],
+ "default": "LOG"
+ }
+ }
 }
 ]
 }
diff --git a/src/test/metricshub-connector/metricshub-connector.yaml b/src/test/metricshub-connector/metricshub-connector.yaml
index 5fa9f9c01ea..3f58d797d24 100644
--- a/src/test/metricshub-connector/metricshub-connector.yaml
+++ b/src/test/metricshub-connector/metricshub-connector.yaml
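Review bot: In metricshub-connector.json, neither per-poll limit has a lower bound: `maxEventsPerPoll` in the `eventLog` branch and the integer form of `maxSizePerPoll` in the `file` branch validate 0, -5 or any other negative value, although the descriptions document only -1 as the "unlimited" sentinel. Adding `"minimum": -1` to both integer schemas would reject those values at validation time instead of leaving their meaning to the collector. The string form of `maxSizePerPoll` likewise accepts any text; a `"pattern"` for the size syntax the parser accepts would tighten it, but that syntax is not visible in this diff. The same `maxSizePerPoll` definition is repeated in the metricshub.json hunk.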
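Review bot: In the `file` branch added to metricshub.json (and the identical branch in the metricshub-connector.json hunk), `paths` validates as an empty array or with empty strings, and the branch declares no `required` list, so a `file` source that names no file passes the schema. Consider `"minItems": 1` on the array and `"minLength": 1` on its items. Because the patterns support wildcards, the description could also state that matching files are read with the permissions of the collecting process, so a broad pattern can take in files other than the intended logs; that behaviour is inferred from the description and is not shown in this diff.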
@@ -802,3 +802,47 @@ monitors:
 hw.status{hw.type="battery"}: $7
 legacyTextParameters:
 StatusInformation: $8
+ event_log:
+ simple:
+ sources:
+ systemEvents:
+ type: eventLog
+ logName: System
+ eventIds: ['1001', '1002', '6008']
+ sources: ['Microsoft-Windows-Kernel-General', 'EventLog']
+ levels: [error, warning, 1, 2]
+ maxEventsPerPoll: 100
+ applicationEvents:
+ type: eventLog
+ logName: Application
+ eventIds:
+ - '1001'
+ - '1002'
+ levels:
+ - information
+ - warning
+ - error
+ maxEventsPerPoll: 50
+ mapping:
+ source: ${source::systemEvents}
+ metrics:
+ windows.event.count: $1
+ file_log:
+ simple:
+ sources:
+ logFileReader:
+ type: file
+ paths: ['C:\\logs\\*.log', '/var/log/app/*.log']
+ mode: LOG
+ maxSizePerPoll: 10485760
+ flatFileReader:
+ type: file
+ paths:
+ - '/var/log/system.log'
+ - '/var/log/application.log'
+ mode: FLAT
+ maxSizePerPoll: '5Mb'
+ mapping:
+ source: ${source::logFileReader}
+ metrics:
+ log.lines.count: $1
diff --git a/src/test/metricshub/metricshub.yaml b/src/test/metricshub/metricshub.yaml
index 3a85d4cb6c2..8c4ac4b17db 100644
--- a/src/test/metricshub/metricshub.yaml
+++ b/src/test/metricshub/metricshub.yaml
@@ -623,3 +623,22 @@ resourceGroups:
 source: ${source::monitors.windowsEventLog.collect.sources.systemEvents}
 metrics:
 windows.event.count: $1
+ fileLogMonitor:
+ collect:
+ sources:
+ logFileReader:
+ type: file
+ paths: ['C:\\logs\\*.log', '/var/log/app/*.log'] # File path patterns with wildcards
+ mode: LOG # LOG for incremental reading, FLAT for full-file read
+ maxSizePerPoll: 10485760 # 10 MB per poll (can also use string like '10Mb')
+ flatFileReader:
+ type: file
+ paths:
+ - '/var/log/system.log'
+ - '/var/log/application.log'
+ mode: FLAT # Full-file read on each poll
+ maxSizePerPoll: '5Mb' # String format with size unit
+ mapping:
+ source: ${source::monitors.fileLogMonitor.collect.sources.logFileReader}
+ metrics:
+ log.lines.count: $1
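Review bot: In metricshub-connector.yaml, the `levels` values of `systemEvents` and `applicationEvents` use `warning` and `information`, which are not the names the schema description lists ('error', 'warn', 'info', 'success', 'failure'). The fixture still validates only because `levels` items accept any string. Either the fixture or the description should be corrected to the names the collector accepts, which this diff does not show. Since an event-log filter with an unrecognised level may match nothing without reporting an error, a negative fixture would also be worth adding, for example a numeric level of `6`, which the schema's `"maximum": 5` rejects.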
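Review bot: In metricshub.yaml, `paths: ['C:\\logs\\*.log', '/var/log/app/*.log']` is a single-quoted YAML scalar, where a backslash is literal, so the value keeps the doubled separators. The JSON-escaped schema description it was copied from denotes `C:\logs\*.log` instead. Writing `'C:\logs\*.log'`, or keeping the doubled form only inside double quotes, gives the intended pattern, and this file reads as a commented example that users may copy. The same line appears in the `logFileReader` source of the metricshub-connector.yaml hunk.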