Console
Synopsis
Creates a console target that writes log messages to the standard output. Supports field normalization to various logging standards through the format property.
Schema
- id: <numeric>
name: <string>
description: <string>
type: console
status: <boolean>
pipelines: <pipeline[]>
properties:
format: <string>
Configuration
The following are the minimum requirements to define the target.
| Field | Required | Default | Description |
|---|---|---|---|
id | Y | Unique identifier | |
name | Y | Target name | |
description | N | - | Optional description |
type | Y | Must be console | |
pipelines | N | - | Optional post-processor pipelines |
status | N | true | Enable/disable the target |
format | N | - | Target format standard for field normalization: ecs, cim, asim, cef, leef, csl |
Format standards:
ecs | Elastic Common Schema |
cim | Common Information Model |
asim | Advanced Security Information Model |
cef | Common Event Format |
leef | Log Event Extended Format |
csl | Common Security Log |
note
If no format is specified, log messages will be written to the console without any field normalization.
warning
Using field normalization may impact the performance with high message volumes.
Examples
Basic
Console use without field normalization:
- id: 1
name: basic_console
type: console
ECS
Console use with ECS field normalization:
- id: 2
name: ecs_console
type: console
properties:
format: "ecs"
ASIM
Console use with ASIM field normalization:
- id: 3
name: asim_console
type: console
properties:
format: "asim"