#1924: [don't merge until ~Oct] Notion Logs (Beta)
Change request updated
Overview
Panther supports onboarding GitLab logs using Data Transport mechanisms. Audit logs can be ingested with the HTTP Source, while other GitLab logs can be ingested with Amazon Web Services (AWS) S3 and SQS.
How to onboard GitLab Audit Streaming logs to Panther
schema:GitLab.APIdescription:|- GitLab log for API requests received from GitLab. NOTE: We are using the latest version of GitLab API logs. Some fields differ from the official documentationreferenceURL:https://docs.gitlab.com/ee/administration/logs.html#api_jsonlogfields: - name:timerequired:truedescription:The request timestamptype:timestamptimeFormats: - rfc3339isEventTime:true - name:severityrequired:truedescription:The log leveltype:string - name:duration_srequired:truedescription:The time spent serving the request (in seconds)type:float - name:db_duration_sdescription:The time spent querying the database (in seconds)type:float - name:view_duration_sdescription:The time spent rendering the view for the Rails controller (in seconds)type:float - name:statusrequired:truedescription:The HTTP response status codetype:smallint - name:methodrequired:truedescription:The HTTP method of the requesttype:string - name:pathrequired:truedescription:The URL path for the requesttype:string - name:paramsdescription:The URL query parameterstype:arrayelement:type:objectfields: - name:keyrequired:truedescription:Query parameter nametype:string - name:valuedescription:Query parameter valuetype:json - name:hostrequired:truedescription:Hostname serving the requesttype:stringindicators: - hostname - name:uadescription:User-Agent HTTP headertype:string - name:routerequired:truedescription:Rails route for the API endpointtype:string - name:remote_ipdescription:The remote IP address of the HTTP requesttype:stringindicators: - ip - name:user_iddescription:The user id of the requesttype:bigint - name:usernamedescription:The username of the requesttype:stringindicators: - username - name:gitaly_callsdescription:Total number of calls made to Gitalytype:bigint - name:gitaly_duration_sdescription:Total time taken by Gitaly callstype:float - name:redis_callsdescription:Total number of calls made to Redistype:bigint - name:redis_duration_sdescription:Total time to retrieve data from Redistype:float - name:correlation_iddescription:Request unique id across logstype:stringindicators: - trace_id - name:queue_duration_sdescription:Total time that the request was queued inside GitLab Workhorsetype:float - name:meta.userdescription:User that invoked the requesttype:stringindicators: - username - name:meta.projectdescription:Project associated with the requesttype:string - name:meta.root_namespacedescription:Root namespacetype:string - name:meta.caller_iddescription:Caller IDtype:string
GitLab.Audit
Multi-use schema for GitLab audit events, from both self-hosted audit log files and GitLab's audit event streaming feature.
schema:GitLab.Auditdescription:'Multi-use schema for GitLab audit events both from self-hosted audit log files, as well as GitLab''s audit event streaming feature: https://docs.gitlab.com/ee/administration/audit_event_streaming.html'referenceURL:https://docs.gitlab.com/ee/administration/logs.html#audit_jsonlogfields: - name:severitydescription:The log level. Present only in audit log files.type:string - name:timedescription:The event timestamp. Present only in audit log files.type:timestamptimeFormats: - rfc3339isEventTime:true - name:author_idrequired:truedescription:User id that made the changetype:bigint - name:entity_idrequired:truedescription:Id of the entity that was modifiedtype:bigint - name:entity_typerequired:truedescription:Type of the modified entitytype:string - name:changedescription:Type of change to the settings. Present only in audit log files.type:string - name:fromdescription:Old setting value. Present only in audit log files.type:string - name:todescription:New setting value. Present only in audit log files.type:string - name:author_namerequired:truedescription:Name of the user that made the changetype:string - name:target_idrequired:truedescription:Target id of the modified settingtype:bigint - name:target_typerequired:truedescription:Target type of the modified settingtype:string - name:target_detailsrequired:truedescription:Details of the target of the modified settingtype:string - name:created_atdescription:Timestamp when event was triggered. Present only in audit event streamingtype:timestamptimeFormats: - rfc3339isEventTime:true - name:detailsdescription:JSON object containing additional metadata. Present only in audit event streamingtype:json - name:entity_pathdescription:Full path of the entity affected by the auditable event. Present only in audit event streamingtype:string - name:event_typedescription:String representation of the type of audit event. Present only in audit event streamingtype:string - name:iddescription:Unique identifier for the audit event. Present only in audit event streamingtype:bigint - name:ip_addressdescription:IP address of the host used to trigger the event. Present only in audit event streamingtype:stringindicators: - ip
GitLab.Exceptions
GitLab log file containing changes to group or project settings
schema:GitLab.Exceptionsdescription:GitLab log file containing changes to group or project settingsreferenceURL:https://docs.gitlab.com/ee/administration/logs.html#exceptions_jsonlogfields: - name:severityrequired:truedescription:The log leveltype:string - name:timerequired:truedescription:The event timestamptype:timestamptimeFormats: - rfc3339isEventTime:true - name:correlation_iddescription:Request unique id across logstype:stringindicators: - trace_id - name:extra.serverdescription:Information about the server on which the exception occurredtype:objectfields: - name:osdescription:Server OS infotype:objectfields: - name:namedescription:OS nametype:string - name:versiondescription:OS versiontype:string - name:builddescription:OS buildtype:string - name:runtimedescription:Runtime executing gitlab codetype:objectfields: - name:namedescription:Runtime nametype:string - name:versiondescription:Runtime versiontype:string - name:extra.project_iddescription:Project id where the exception occurredtype:bigint - name:extra.relation_keydescription:Relation on which the exception occurredtype:string - name:extra.relation_indexdescription:Relation index on which the exception occurredtype:bigint - name:exception.classrequired:truedescription:Class name of the exception that occurredtype:string - name:exception.messagerequired:truedescription:Message of the exception that occurredtype:string - name:exception.backtracedescription:Stack trace of the exception that occurredtype:arrayelement:type:string
GitLab.Git
GitLab log file containing all failed requests from GitLab to Git repositories.
schema:GitLab.Integrationsdescription:GitLab log with information about integrations activities such as Jira, Asana, and Irker services.referenceURL:https://docs.gitlab.com/ee/administration/logs.html#integrations_jsonlogfields: - name:severityrequired:truedescription:The log leveltype:string - name:timerequired:truedescription:The event timestamptype:timestamptimeFormats: - rfc3339isEventTime:true - name:service_classrequired:truedescription:The class name of the integrated servicetype:string - name:project_idrequired:truedescription:The project id the integration was running ontype:bigint - name:project_pathrequired:truedescription:The project path the integration was running ontype:string - name:messagerequired:truedescription:The log message from the servicetype:string - name:client_urlrequired:truedescription:The client url of the servicetype:stringindicators: - url - name:errordescription:The error name if an error has occurredtype:string
GitLab.Production
GitLab log for Production controller requests received from GitLab
schema:GitLab.Productiondescription:GitLab log for Production controller requests received from GitLabreferenceURL:https://docs.gitlab.com/ee/administration/logs.html#production_jsonlogfields: - name:methodrequired:truedescription:The HTTP method of the requesttype:string - name:pathrequired:truedescription:The URL path for the requesttype:string - name:formatdescription:The response output formattype:string - name:controllerdescription:The Production controller class nametype:string - name:actiondescription:The Production controller actiontype:string - name:statusrequired:truedescription:The HTTP response status codetype:bigint - name:timerequired:truedescription:The request timestamptype:timestamptimeFormats: - rfc3339isEventTime:true - name:paramsdescription:The URL query parameterstype:arrayelement:type:objectfields: - name:keyrequired:truedescription:Query parameter nametype:string - name:valuedescription:Query parameter valuetype:json - name:remote_ipdescription:The remote IP address of the HTTP requesttype:stringindicators: - ip - name:user_iddescription:The user id of the requesttype:bigint - name:usernamedescription:The username of the requesttype:stringindicators: - username - name:uadescription:The User-Agent of the requestertype:string - name:queue_duration_sdescription:Total time that the request was queued inside GitLab Workhorsetype:float - name:gitaly_callsdescription:Total number of calls made to Gitalytype:bigint - name:gitaly_duration_sdescription:Total time taken by Gitaly callstype:float - name:redis_callsdescription:Total number of calls made to Redistype:bigint - name:redis_duration_sdescription:Total time to retrieve data from Redistype:float - name:redis_read_bytesdescription:Total bytes read from Redistype:bigint - name:redis_write_bytesdescription:Total bytes written to Redistype:bigint - name:correlation_iddescription:Request unique id across logstype:stringindicators: - trace_id - name:cpu_sdescription:Total time spent on CPUtype:float - name:db_duration_sdescription:Total time to retrieve data from PostgreSQLtype:float - name:view_duration_sdescription:Total time taken inside the Rails viewstype:float - name:duration_srequired:truedescription:Total time taken to retrieve the requesttype:float - name:meta.caller_iddescription:Caller IDtype:string - name:locationdescription:(Applies only to redirects) The redirect URLtype:string - name:exception.classdescription:Class name of the exception that occurredtype:string - name:exception.messagedescription:Message of the exception that occurredtype:string - name:exception.backtracedescription:Stack trace of the exception that occurredtype:arrayelement:type:string - name:etag_routedescription:Route name etag (on redirects)type:string