impulse 2.1

U018 How to read custom XML, YAML or JSON logs

Attach, View Anaylze and Solve!

Markup language logs are usually based on XML, JSON or YAML. They have the advantage of a unique structure and provide tools to create, validate and read these structures. They also have the benefit that they can easily be converted into data structures of various programming languages.

The disadvantage of these formats is that they cannot be read as easily without tools as text line logs.

Even if the markup languages formats have a uniform syntactical structure, the individual formats differ considerably. The Log4j 1.2 XML format consists of XML fragments, where the information is mostly embedded in attributes. The Java Logging API format consists of a complete XML structure; all information is embedded as text in child elements.

The configurable impulse XML Log Reader, impulse JSON Log Reader, and impulse YAML Log Reader allow reading all typical types of markup
language based log formats and are supplied with a number of standard configurations like GELF and Log4J.

Log4j JSON Layout:

, {
  "thread" : "main",
  "level" : "INFO",
  "loggerName" : "de.toem.impulse.test.primary.Log1",
  "message" : " ACPI: Local APIC address 0xfee00000",
  "endOfBatch" : false,
  "loggerFqcn" : "org.apache.logging.log4j.spi.AbstractLogger",
  "instant" : {
    "epochSecond" : 1587458274,
    "nanoOfSecond" : 900000000
  },
  "threadId" : 1,
  "threadPriority" : 5
}
U016 Application Logging with impulse
RL03 XML Log Reader
RL04 JSON Log Reader
RL05 YAML Log Reader

Identify objects (JSON,YAML) and elements (XML)

The JSON log from above has 2 kind of objects. The log object and the inner time-stamp (instant) object. Both together build one log entry.

Very similar, the Log4j 1.2 XML element, an outer log entry and an inner message element:

<log4j:event logger="de.toem.impulse.test.primary.Log1" timestamp="1589182416309" level="DEBUG" thread="main"> />
<log4j:message><![CDATA[ rcu: ]]></log4j:message>
</log4j:event>

And very differnt the next example. The java logging XML has a structure of elements for all information and does not contains any attributes. 

<log>
<record>
 <date>2009-12-09T10:04:57</date>
 <millis>1260371097880</millis>
 <sequence>0</sequence>
 <logger>com.sun.deploy</logger>
 <level>FINE</level>
 <class>com.sun.deploy.util.LoggerTraceListener</class>
 <method>print</method>
 <thread>10</thread>
 <message>Reading certificates from 11108 http://pub.admc.com/modeler/modeler-pro.jar | /home/blaine/.java/deployment/cache/6.0/36/363eb424-1a174301.idx
</message>
</record>

...
</log>

The log configuration dialog shall reflect this structure.  The first element of the JSON example starts a new log sample. The second one (Timestamp) is part of this log entry, thus the log objects actions is set to "Add to previous sample" (Previous in terms of what was detected before). The last configured object is the "Ignore" pattern. This one is optional and make sense if you have other objects in the log, that shall not be captured. Otherwise an error is thrown for objects that are not part of the configuration.

H100 Attach - How to read my record file (wave file, log, trace,..)
  • impulse supports a lot of different file formats. To get an overview of your installed readers, open the Preferences view and navigate to impulse->Serializers.
  • To open a Workspace resource, double-click the record file (or use the context menu of the file).
  • Some readers require a configuration (e.g. CSV, PatternLog,..).
  • To add a configuration,
    1. Open the Preferences view and navigate to impulse->Serializers (or use the "Reload" button menu);
    2. Double-click the reader to open the readers preferences page;
    3. Press the "Add" button to add and configure the configuration.
  • To re-load a file with a different configuration,
    1. Enter the "Reload" button menu in the viewers toolbar;
    2. Select the configuration to re-load the file.
H101 Attach - What to do if my file type is not supported
  • If your file is not loaded (not identified as an impulse record file), first check our website if you need to install another extension (Products) to get the file supported.
  • If the file type is supported but not identified, please check if your file has the correct extension. See H102 to change the file extension.
  • If the file type is not supported, there are 4 options:
    1. If your file is a text log file with multiple text pattern, try the Pattern Log Reader (defines the content, using regular expressions).
    2. You can implement a reader in Java language (check the extension documentation) 
    3. Contact us to get a reader implemented.
    4. In case of reading signal data from a signal port (e.g. TCP, Memory, Serial Interface,..), you can use the Scripted Reader.
H102 Attach - How to change the file extension for a supported record type

impulse identifies a resource file by its extension and its content data. To change the file extension for a support record type:

  1. Open the Preferences view and enter General->Content Types;
  2. Open Element->Record and select the impulse content type (e.g. VCD Record)
  3. Press "Add" beside the field "File Associations";
  4. Enter the extension and press "OK".
H103 Attach - How to reload my file
To re-load a file:
  1. Click the "Reload" button in the viewers toolbar;
To re-load a file with a different configuration,
  1. Enter the "Reload" button menu in the viewers toolbar;
  2. Select the configuration to re-load the file.

Screen Cast: How to read custom XML, YAML or JSON logs

Download Tutorial Examples (Preference Wallet Uxxx.walMZ)

Identify Attributes (XML) and Variables (JSON, YAML) and map to members

In the next step, it is required to identify the attributes and variables.

JSON and YAML logs only have variables, XML structures have attributes and text elements.

In the JSON example, there are 'thread, level, loggerName, message, endOfBatch, loggerFqcn, threadId, threadPriority' for the main object. The timestamp has: 'epochSecond' and 'nanoOfSecond'.

Log signals are struct signal with multiple members.

Select member names and types for all variables that shall have a member in you log samples (e.g. the message).

  • Select the member names. You can select a predefined member names or enter custom ones.
  • For custom members you can define the member type and a descriptor. If custom members are used over multiple log elements, the type need to be identical.

Valid member types are:

  • Float,
  • Integer,
  • Text ,
  • or Enumeration.

The descriptor field can optionally contain a content or member descriptor:

  • a simple content descriptor e.g. "default", "state", event" or "label", ...
  • a complete member descriptor e.g. "default<df=Hex>" or "state<df=Text>"

For JSON values that shall not find their way into the signal structure, leave the the name blank or set type to 'None'.

The table below shows the extracted members.

Define the time-stamp

To define the time-stamp, first look at the domain base settings in the reader configuration dialog. For logs, you typically have 2 meaningful options; 'Time' or 'Date'. With 'Time' you focus on some kind of duration (e.g. seconds or nonoseconds); 'Date' gives you an absolute position in time using Year, Month, Day, Hours, Seconds and Milliseconds.

  • Domain Base: Select the domain base. This represents is smallest domain change (e.g. 1 ms).
  • Undefined : In case of hierarchical multi-object logs, you will have objects without domain information.
  • Date: You need to define the date format. Use the content proposals and http://docs.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html. The parsing of the date value results into milliseconds after January 1, 1970 00:00:00 GMT.
  • Float domain value: Parse a float value, optionally parse the domain unit from the source value or assign a unit.
  • Integer domain value: Parse an integer value, optionally parse the domain unit from the source value or assign a unit.

There may be log elements without a domain value. In this case you may want to use:

  • Same as previous: Use the domain value of the previous sample (all signals).
  • Same as previous (per Signal): Use the domain value of the previous sample of the used signal.
  • Incrementing: Increment the domain value with every new sample (all signals).
  • Incrementing (per Signal): Increment the domain value with every new sample per signals.
  • Reception time: Use the current time in milliseconds after January 1, 1970 00:00:00 GMT as domain value.

You may extend the domain position with another source value like in our JSON case (e.g one value contains the seconds, another nanoseconds):

  • Undefined : Do not extend.
  • Float domain value: Parse a float value, optionally parse the domain unit from the source value or assign a unit. The domain extension value will be added to the main domain position.
  • Integer domain value: Parse an integer value, optionally parse the domain unit from the source value or assign a unit. The domain extension value will be added to the main domain position.

Define the signal naming scheme

Each single sample belongs to one signal. You can organize your samples into one or multiple signals (e.g. a signal per log source). The "Signal/Scope name" section allows to select the signal and scope naming scheme for each log element.

In most cases it makes sense to get the signal name from the log sources -  Thus all logs are organized by their source and it is easier a navigate and understand.

  • Undefined : Either all log samples get into one signal with the name "log" -- or this log element is part of a hierarchical multi-object log and the name information is not part of this element.
  • Explicit name : Define a signal name for all samples of this log element.
  • Explicit hierarchy : Define a signal/scope hierarchy for all samples of this log element. The signal and scope names are generated by splitting the value into its contents (e.g. the value "de.toem.logger" creates the scope/signal hierarchy de/toem/logger).
  • Name from source value : The value of the selected source is taken to define the signal name (.e.g. from the logger source).
  • Hierarchy from source value : The value of the selected source is taken to define the signal and scope names by splitting the value into its contents (e.g. the value "de.toem.logger" creates the scope/signal hierarchy de/toem/logger).

You may extend the naming scheme with another source value. If enabled, the value of the source will be put after the signal name (in parentheses).

XML vs JSON and YAML

The XML, JSON and YAML log readers are very much the same from the UI side. But there are slight differences.

The XML reader has this optional setting:

  • Read XML fragments: If checked, the reader will wrap the input content into a dummy root element.

If not checked, the reader will only accept well-formed XML. If checked, the reader wraps the received XML data into a dummy root element.

<dummy>
<log4j:event logger="de.toem.impulse.test.secondary.Log3" timestamp="1589182416306" level="WARN" thread="ThreadB">
<log4j:message><![CDATA[get Sinus Wave 0.9629702887498031]]></log4j:message>
</log4j:event>
</dummy>

Another difference is the text element. Text content can be mapped to members using this first psoido attribute ("XML Text").

All tutorials
More Resources
toem

technical software and tooling

Products

Company

Contact Us

This email address is being protected from spambots. You need JavaScript enabled to view it.