This is a custom Logspout build that adds a sumo adapter so Logspout can forward to a SumoLogic HTTP Collector. This build does not include the raw or syslog adapters -- it is meant to be used to forward to SumoLogic and nothing else. It also includes code that attempts to parse logs as JSON and merge metadata, rather than encapsulating the JSON string in a single field.
This assumes that the unique token for the Sumo Logic HTTP Collector endpoint is in the environment as $SUMO_HTTP_TOKEN.
$ docker run -e DEBUG=1 \
-v /var/run/docker.sock:/tmp/docker.sock \
-e LOGSPOUT=ignore \
goodeggs/logspout-sumo:latest \
sumo://$SUMO_HTTP_TOKENParameters are added a querystring parameters to the sumo://... URI above, eg sumo://my-token/?host=edge. The following parameters are available:
host overrides the _sourceHost in Sumo. The default is to let Sumo choose (usually the public IP of the host).
name overrides the _sourceName in Sumo. The default is to let Sumo choose (usually "Http Input").
http.buffer.capacity controls the size of a buffer used to accumulate logs. The default capacity of the buffer is 100 logs.
http.buffer.timeout indicates after how much time the adapter will send the logs accumulated in the buffer if the buffer capacity hasn't been reached. The default timeout is 1000ms (1s).
If http.gzip is set to true, the logs will be compressed with GZIP. This is on by default since Sumo Logic supports it.
This assumes that the unique token for the Sumo Logic HTTP collector endpoint is in the environment as $SUMO_HTTP_TOKEN.
$ DEBUG=1 ROUTE=sumo://$SUMO_HTTP_TOKEN/?http.buffer.timeout=1s\&http.buffer.capacity=100 make devTo create some test messages
$ docker run --rm --name test ubuntu bash -c 'NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1); for i in `seq 1 10`; do echo $NEW_UUID Hello $i; sleep 1; done' && CID=$(docker ps -l -q)logspout-sumo builds on raychaser/logspout-http, so you should grok their README in addition to ours.