Remap Custom Severity Values to the Official Log Status

By default, the Log Status Remapper relies on the Syslog severity standards. However, other systems may use different severity values that you want to remap to the official log status. You can do this with the Category Processor, which defines a mapping between your custom values and the expected ones.

This page describes how to do this with two examples: Bunyan levels and web access logs.

Web access logs

The status code of the request can be used to determine the log status. Datadog integrations use the following mapping:

  • 2xx: OK
  • 3xx: Notice
  • 4xx: Warning
  • 5xx: Error

Assume the status code of your log is stored in the http.status_code attribute. Add a Category Processor in your Pipeline that creates a new attribute to reflect the above mapping:

[Image: Category Processor]

Then add a status remapper that uses the newly created attribute:

[Image: Log status remapper]

Bunyan levels

Bunyan levels are similar to those of Syslog, but their values are multiplied by 10.

  • 10 = TRACE
  • 20 = DEBUG
  • 30 = INFO
  • 40 = WARN
  • 50 = ERROR
  • 60 = FATAL

Assume the Bunyan level is stored in the bunyan_level attribute. Add a Category Processor in your Pipeline that creates a new attribute to reflect the above mapping:

[Image: Category Processor for Bunyan levels]

Then add a status remapper that uses the newly created attribute:

[Image: Log status remapper for Bunyan levels]
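The two mappings above (web access logs and Bunyan levels) written out as pipeline processor definitions, with a local check of which category a given event would receive. This is an added example, not part of the original page: the target attribute names http.status_category and bunyan_status, the processor names, and the categorize() helper are assumptions, and categorize() only approximates the match (including its coercion of numeric strings) rather than reproducing Datadog's query engine.

```python
import json

# (category name, low, high) rules taken from the two mappings on this page.
HTTP_RULES = [("OK", 200, 299), ("Notice", 300, 399),
              ("Warning", 400, 499), ("Error", 500, 599)]
BUNYAN_RULES = [("TRACE", 10, 10), ("DEBUG", 20, 20), ("INFO", 30, 30),
                ("WARN", 40, 40), ("ERROR", 50, 50), ("FATAL", 60, 60)]


def build_processors(source, target, rules):
    """Return a Category Processor and a Status Remapper as JSON-ready dicts."""
    def query(lo, hi):
        return f"@{source}:{lo}" if lo == hi else f"@{source}:[{lo} TO {hi}]"
    return [
        {"type": "category-processor", "name": f"Categorize {source}",
         "is_enabled": True, "target": target,
         "categories": [{"name": n, "filter": {"query": query(lo, hi)}}
                        for n, lo, hi in rules]},
        {"type": "status-remapper", "name": f"Status from {target}",
         "is_enabled": True, "sources": [target]},
    ]


def categorize(log, source, rules):
    """Hypothetical local approximation of the match: first matching rule wins.

    Returns None when the attribute is missing, not an integer, or outside
    every range, so the remapper would have no new attribute to read.
    """
    value = log
    for key in source.split("."):  # walk nested attributes such as http.status_code
        if not isinstance(value, dict) or key not in value:
            return None
        value = value[key]
    try:
        value = int(value)  # assumption of this sketch: numeric strings are coerced
    except (TypeError, ValueError):
        return None
    for name, lo, hi in rules:
        if lo <= value <= hi:
            return name
    return None


if __name__ == "__main__":
    print(json.dumps(build_processors("http.status_code", "http.status_category",
                                      HTTP_RULES), indent=2))
    # Constructed sample events, not real logs.
    for event in [{"http": {"status_code": 503}}, {"http": {}}]:
        print(event, "->", categorize(event, "http.status_code", HTTP_RULES))
```

Events that return None here (missing attribute, or a value such as a Bunyan level of 35 that falls between the listed levels) are the ones to look at before relying on the remapped status in monitors.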
