InsightCat Agent configuration.

The agent uses Starlark as its configuration language. Starlark is a dialect of Python and allows us to define subroutines to process data extracted from various sources. We can collect definitions into modules to organize configuration and share it between several hosts. These scripts are portable, and we can run them on various platforms without changes.

Configuration consists of creating various primitive objects, combining them into bigger ones, and finally passing them to the main subroutine.

Data collectors

File collector. Monitors one or more text files, handles log file rotation, recognizes newly added files, etc.

Script collector. It executes a configurable command and collects its output. The command is started according to some schedule or in "follow" mode.

Windows event collector. It is a platform-specific collector that allows us to integrate with the standard Windows event subsystem.

Host metrics collector. It collects standard host metrics such as CPU load, available memory, disk space, etc.

Custom collector. This collector allows you to define a function in Starlark. For example, we could query an HTTP endpoint, analyze the response and send a log message or user-defined metrics.

Processors

The data collected by collectors may be passed to one or more processors.

JSON processor. Converts text log messages into JSON format.

Regexp processor. Parses text log messages according to a user-defined regexp.

Unwrap processor. Extracts a field from a JSON message.

AddTags processor. Annotates a log message with a set of tags.

Exporters