These derived columns are intended to be used alongside Honeytail to make it easier to visualize and understand your log data in Honeycomb.
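Makes it easy to visualize errors using Honeycomb's default dashboards: returns the message for events of severity 3 (error) or more severe, and an empty string otherwise.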
IF(LTE($severity, 3), $message, "")
Converts the Syslog facility number into its corresponding facility name.
IF(EQUALS($facility, 0), "kern",
IF(EQUALS($facility, 1), "user",
IF(EQUALS($facility, 2), "mail",
IF(EQUALS($facility, 3), "daemon",
IF(EQUALS($facility, 4), "auth",
IF(EQUALS($facility, 5), "syslog",
IF(EQUALS($facility, 6), "lpr",
IF(EQUALS($facility, 7), "news",
IF(EQUALS($facility, 8), "uucp",
IF(EQUALS($facility, 9), "cron",
IF(EQUALS($facility, 10), "authpriv",
IF(EQUALS($facility, 11), "ftp",
IF(EQUALS($facility, 12), "ntp",
IF(EQUALS($facility, 13), "security",
IF(EQUALS($facility, 14), "console",
IF(EQUALS($facility, 15), "solaris-cron",
IF(EQUALS($facility, 16), "local0",
IF(EQUALS($facility, 17), "local1",
IF(EQUALS($facility, 18), "local2",
IF(EQUALS($facility, 19), "local3",
IF(EQUALS($facility, 20), "local4",
IF(EQUALS($facility, 21), "local5",
IF(EQUALS($facility, 22), "local6",
IF(EQUALS($facility, 23), "local7",
STRING($facility)
))))))))))))))))))))))))
Converts the Syslog severity field into a human-readable name.
IF(EQUALS($severity, 0), "emergency",
IF(EQUALS($severity, 1), "alert",
IF(EQUALS($severity, 2), "critical",
IF(EQUALS($severity, 3), "error",
IF(EQUALS($severity, 4), "warning",
IF(EQUALS($severity, 5), "notice",
IF(EQUALS($severity, 6), "info",
IF(EQUALS($severity, 7), "debug",
STRING($severity)
))))))))
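As an added example (not part of the original page, and not Honeytail or Honeycomb code), the Python below reproduces the three derived columns over constructed raw syslog lines so their expected output can be checked offline. It assumes $facility and $severity are the numbers encoded in the syslog PRI header (PRI = facility * 8 + severity); the output column names and function names are hypothetical.

```python
import re

# Name tables copied from the derived columns on this page.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice",
              "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def name_for(table, number):
    """Mirror the IF chain: known numbers map to a name, anything else to STRING(number)."""
    if isinstance(number, int) and 0 <= number < len(table):
        return table[number]
    return str(number)


def derive(event):
    """Compute the three derived columns from severity, facility and message."""
    sev = event["severity"]
    return {  # column names are hypothetical; the page does not name them
        "error_message": event["message"] if sev <= 3 else "",
        "facility_name": name_for(FACILITIES, event["facility"]),
        "severity_name": name_for(SEVERITIES, sev),
    }


def parse_pri(line):
    """Split a raw line into facility, severity and remainder; None if PRI is invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = 23 * 8 + 7, the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": facility, "severity": severity, "message": m.group(2)}


# Constructed sample lines (not real log data).
SAMPLES = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1 on /dev/pts/8",
    "<86>Oct 11 22:14:16 host1 sshd[411]: session opened for user2",
    "no priority header",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        ev = parse_pri(raw)
        print(derive(ev) if ev else {"unparsed": raw})
```

The first sample decodes to facility auth at severity critical, so it populates the error column; the second is authpriv at info and leaves it empty.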