How to remap custom severity values to the official log status?

By default, the Log Status Remapper relies on the Syslog severity standards. However, other systems may use different severity values that you want to remap to the official log status. You can do this with the Category Processor, which defines a mapping between your custom values and the expected ones.

In this article, we show how to do this with 2 examples: Bunyan levels and web access logs.

Web access logs

The status code of the request can be used to determine the log status. Our integrations use the following mapping:

  • 2xx: OK
  • 3xx: Notice
  • 4xx: Warning
  • 5xx: Error

Let’s assume the status code of your log is stored in the http.status_code attribute. Add a Category Processor in your Pipeline that creates a new attribute to reflect the above mapping:

Then add a status remapper that uses the newly created attribute:

Bunyan levels

Bunyan levels are similar to those of Syslog, but their values are multiplied by 10.

  • 10 = TRACE
  • 20 = DEBUG
  • 30 = INFO
  • 40 = WARN
  • 50 = ERROR
  • 60 = FATAL

Let’s assume the Bunyan level is stored in the bunyan_level attribute. Add a Category Processor in your Pipeline that creates a new attribute to reflect the above mapping:

Then add a status remapper that uses the newly created attribute:
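Both procedures above (web access logs and Bunyan levels) can be expressed as a pair of processor definitions. The Python below is an added example, not part of the original article: the JSON field names are an assumption modelled on the Datadog Logs Pipelines API and should be checked against the current API reference, the target attribute names `http.status_category` and `bunyan_severity` are hypothetical, and `categorise` is a local stand-in for checking the mapping, not Datadog's implementation.

```python
import json

# Mappings copied from the lists on this page: (low, high, category name).
WEB_ACCESS = [(200, 299, "OK"), (300, 399, "Notice"),
              (400, 499, "Warning"), (500, 599, "Error")]
BUNYAN = [(10, 10, "TRACE"), (20, 20, "DEBUG"), (30, 30, "INFO"),
          (40, 40, "WARN"), (50, 50, "ERROR"), (60, 60, "FATAL")]


def build_processors(source, target, ranges):
    """Return [category processor, status remapper] dicts (field names assumed)."""
    categories = [
        {"name": name, "filter": {"query":
            f"@{source}:{lo}" if lo == hi else f"@{source}:[{lo} TO {hi}]"}}
        for lo, hi, name in ranges
    ]
    return [
        {"type": "category-processor", "name": f"Categorise {source}",
         "is_enabled": True, "target": target, "categories": categories},
        {"type": "status-remapper", "name": f"Use {target} as status",
         "is_enabled": True, "sources": [target]},
    ]


def lookup(event, path):
    """Resolve a dotted attribute path in a flat or nested event dict."""
    if path in event:
        return event[path]
    node = event
    for key in path.split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node


def categorise(event, source, ranges):
    """Local stand-in for the category step: first matching range wins."""
    try:
        value = int(lookup(event, source))
    except (TypeError, ValueError):
        return None  # missing or non-numeric value: no category is set
    for lo, hi, name in ranges:
        if lo <= value <= hi:
            return name
    return None  # e.g. a 1xx status code matches no category


if __name__ == "__main__":
    # "bunyan_severity" is a hypothetical target attribute name.
    print(json.dumps(build_processors("bunyan_level", "bunyan_severity", BUNYAN), indent=2))
```

Values that match no category (a 1xx status code, a missing attribute) return `None` here, which is worth testing before relying on the remapped status in monitors or detection rules.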
