Loggly

Loggly API client for the Ruby programming language.

Installation

Add this line to your application's Gemfile:

gem 'loggly-rb', :require => 'loggly'

And then execute:

$ bundle

Or install it yourself as:

$ gem install loggly-rb

Usage

Connect

Simple connection method for Loggly authorization.

Required Connections Parameters:

params = { :uri => "http://<account>.loggly.com",
           :username => <username>,
           :password => <password> }

Connect:

Authorize the Loggly API with Loggy.connect(params)

Search

The Loggly API provides a simple interface to perform searches.

Single Field

The query :q => { :'loggly.tag' => "bar" } outputs to loggly.tag:bar

Multiple Fields

There are multiple methods for performing more complex searches.

AND Method Only, for now

:q => {
  :'loggly.tag' => "bar",
  :'other.loggly.tag' => "baz"
}

outputs to loggly.tags:bar AND other.loggly.tags:baz

Interfacing with API:

Loggly::Event.all(:q => { :'loggly.tags' => "bar" }) returns an array of events.

Search Endpoint Parameters:

:q - optional - query string. Defaults to "*".
:from - optional - Start time for the search. Defaults to -24h.
:until - optional - End time for the search. Defaults to now.
:order - optional - Direction of results returned, either asc or desc. Defaults to desc.
:per_page - optional - Number of rows returned by search. Defaults to 25.

Check the official Loggy documentation for more assistance.

Events

Each Event has a Response and attributes that match the Loggly fields.

Response

 {:total_events=>3292470,
  :page=>0,
  :events=>
  [{:tags=>["chipper", "frontend"],
    :timestamp => 1377431712208,
    :logmsg => "{\timestamp\: \13-08-25 11:55:12,208191\, \baremsg\: \Alert is due to run\}"",
      :event=>
      {:syslog=>
        {:priority=>142,
         :timestamp=>"2013-08-25T11:55:12.208596+00:00",
         :host=>"frontend01",
         :severity=>"Informational",
         :facility=>"local use 1"
        },
        :json=>
          {:timestamp=>13-08-25 11:55:12,208191,
           :baremsg=>"is due to run",
           :level=>"INFO"
          }
      },
      :logtypes=>["syslog", "json"],
      :id=>"c693c674-0d7d-11e3-80e9-20ae90200ddd"
    }]
  }

total_events - Total number of matching events for the entire time range
page - Which page of the result set
tags - An Array of any tags associated with the event
timestamp - See timestamps to understand how a reference timestamps is derived.
logmsg - The message portion of the log event. (Any headers aren't included.)
event - Any parsed fields are included.
logtypes - An array of log types that were detected.
id - Loggly's event ID.

Try the following to get an array of all the event attributes:

events = Loggly::Event.all
events.collect {|event| event.attributes}

TODO

Sending Data
Retrieve Account Information
Field Search
OR, NOT and TO search functionality
Filter Search by field
Command Line Tools

Contributing

Fork it ( http://github.com//loggly/fork )
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request

loggly-rb

Development

Runtime