Starting in Boundary 0.5.0, a variety of event types (error, observation,
system, etc) are emitted from Boundary. Boundary events can be emitted in
several formats including cloudevents and
hclog, and can be encoded as text and
json.
Boundary allows you to configure any number of
sinks, where these events will be
written. When configuring an event sink, you can specify common sink
parameters which include both
allow_filters and deny_filters which use the standard filter
syntax used
elsewhere in Boundary.
Example events encoded as cloudevents-text. The first event is a system event
and the second event is an observation event.
{"id":"DU7u227Jhc","source":"https://hashicorp.com/boundary/dev-controller/boundary-dev","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"worker.(Worker).createClientConn","data":{"address":"127.0.0.1:9201","msg":"connected to controller"}},"datacontentype":"text/plain","time":"2021-08-05T18:00:05.303435-04:00"}{"id":"s5ESg6CckX","source":"https://hashicorp.com/boundary/dev-controller/boundary-dev","specversion":"1.0","type":"observation","data":{"latency-ms":202.995176,"request_info":{"id":"gtraceid_WiLnGzc2UHmNAYlcQ0sK","method":"POST","path":"/v1/auth-methods/ampw_1234567890:authenticate"},"start":"2021-08-05T18:00:34.032333-04:00","status":200,"stop":"2021-08-05T18:00:34.235335-04:00","version":"v0.1"},"datacontentype":"text/plain","time":"2021-08-05T18:00:34.235357-04:00"}
{"id":"DU7u227Jhc","source":"https://hashicorp.com/boundary/dev-controller/boundary-dev","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"worker.(Worker).createClientConn","data":{"address":"127.0.0.1:9201","msg":"connected to controller"}},"datacontentype":"text/plain","time":"2021-08-05T18:00:05.303435-04:00"}{"id":"s5ESg6CckX","source":"https://hashicorp.com/boundary/dev-controller/boundary-dev","specversion":"1.0","type":"observation","data":{"latency-ms":202.995176,"request_info":{"id":"gtraceid_WiLnGzc2UHmNAYlcQ0sK","method":"POST","path":"/v1/auth-methods/ampw_1234567890:authenticate"},"start":"2021-08-05T18:00:34.032333-04:00","status":200,"stop":"2021-08-05T18:00:34.235335-04:00","version":"v0.1"},"datacontentype":"text/plain","time":"2021-08-05T18:00:34.235357-04:00"}
If I wanted to filter an event sink which was configured for every event type to
only include the above events, I might use the following sink configuration:
sink "stderr" = {
name = "all-events"
description = "All events sent to stderr"
event_types = ["*"]
format = "cloudevents-text"
allow_filters = [
'"/Data/request_info/Path" contains ":authenticate"'
'"/Data/Op" contains ".createClientConn"'
]
# note: deny_filters are also supported.
}
sink "stderr" = { name = "all-events" description = "All events sent to stderr" event_types = ["*"] format = "cloudevents-text" allow_filters = [ '"/Data/request_info/Path" contains ":authenticate"' '"/Data/Op" contains ".createClientConn"' ] # note: deny_filters are also supported.}
When running boundary dev the example allow filter can be given via:
Double quotes are part of the filter syntax; when using the CLI, it is likely
easier to surround the filter with single quotes than to deal with escaping
double quotes.
Both -event-allow-filter and -event-deny-filter command flags are
supported for the boundary dev command.
