fluent-plugin-lm-logs 1.2.5 → 1.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6acf353e0cbb1783eb22109eb555acad23540bade16fbca72a24bf96a030b906
-  data.tar.gz: f87a8c226c61db34ee0dd2b5b5fe2e77ab7e1f2f51bf9b9ac2e5e378dbacb714
+  metadata.gz: 377dc56ec3f62bb91303431bbba701b179e5c5540feb4af72cfd91c27ac7b930
+  data.tar.gz: 80317f28d2cbe4a3315d715a408212c9d047874416e6e9b0fad84719fe6e4c76
 SHA512:
-  metadata.gz: 916a3d78c9c0ddaed1b9ed4fb943c61f9132cfffe97782339c0d7afa9d38cde0949251946264b167d5deb9f69752711f4d8a21ac57fb26b60eeafe3d1481d2bf
-  data.tar.gz: cd7f8a0388cf9f81c79638313bddeb4d01e69f3f072b803cd11d39f7b3dc5df7a9f8165fd225fc0cd8a938689ab6d1f92304746a97ea6a136dd55354876696e4
+  metadata.gz: 5fd55fb16669b87f4118e3a3617042974829ebb765cf6396909c18573840661415740cb448621e0ed1c36896882a3dc6b43a9ae93b163fdce849cd39fd47b181
+  data.tar.gz: 83fdf0fe55a63007ba22f7bd9c1d447dc984cd2f741454c9746edef91a902a3020a68c04eb5b05df3ab9c2920079b27434d73e9c8b61a5ef195757c6866f1525

data/README.md

@@ -23,8 +23,9 @@ Create a custom `fluent.conf` or edit the existing one to specify which logs sho
     resource_mapping {"<event_key>": "<lm_property>"}
     company_name <lm_company_name>
     company_domain <lm_company_domain>
-	access_id <lm_access_id>
+    access_id <lm_access_id>
     access_key <lm_access_key>
+    resource_type <resource_type>
       <buffer>
         @type memory
         flush_interval 1s
@@ -68,7 +69,8 @@ See the [LogicMonitor Helm repository](https://github.com/logicmonitor/k8s-helm-
 | `resource_mapping` | The mapping that defines the source of the log event to the LM resource. In this case, the `<event_key>` in the incoming event is mapped to the value of `<lm_property>`.|
 | `access_id` | LM API Token access ID. |
 | `access_key` | LM API Token access key. |
-| `bearer_token` | LM API Bearer Token. Either specify `access_id` and `access_key` both or `bearer_token`. If all specified, LMv1 token(`access_id` and `access_key`) will be used for authentication with Logicmonitor.   |
+| `resource_type` | If a Resource Type is explicitly specified, that value will be statically applied to all ingested logs. If set to `##predef.externalResourceType##`, the Resource Type will be assigned dynamically based on the log context or configuration. If left blank, the Resource Type field will remain unset in the ingested logs. |
+| `bearer_token` | LM API Bearer Token. Either specify `access_id` and `access_key` both or `bearer_token`. If all specified, LMv1 token(`access_id` and `access_key`) will be used for authentication with Logicmonitor. |
 | `flush_interval` | Defines the time in seconds to wait before sending batches of logs to LogicMonitor. Default is `60s`. |
 | `debug` | When `true`, logs more information to the fluentd console. |
 | `force_encoding` | Specify charset when logs contains invalid utf-8 characters. |

data/fluent-plugin-lm-logs.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.metadata["source_code_uri"]    = "https://github.com/logicmonitor/lm-logs-fluentd"
   spec.metadata["documentation_uri"]  = "https://www.rubydoc.info/gems/lm-logs-fluentd"
 
-  spec.files         = [".gitignore", "Gemfile", "LICENSE", "README.md", "Rakefile", "fluent-plugin-lm-logs.gemspec", "lib/fluent/plugin/version.rb", "lib/fluent/plugin/out_lm.rb", "lib/fluent/plugin/environment_detector.rb"]
+  spec.files         = [".gitignore", "Gemfile", "LICENSE", "README.md", "Rakefile", "fluent-plugin-lm-logs.gemspec", "lib/fluent/plugin/version.rb", "lib/fluent/plugin/out_lm.rb"]
   spec.require_paths = ["lib"]
   spec.required_ruby_version = '>= 2.0.0'
 

data/lib/fluent/plugin/out_lm.rb

@@ -10,293 +10,260 @@ require 'net/http'
 require 'net/http/persistent'
 require 'net/https'
 require('zlib')
-require_relative 'environment_detector'
 
 require_relative "version"
 
 
 
 module Fluent
-  class LmOutput < BufferedOutput
-    Fluent::Plugin.register_output('lm', self)
+  module Plugin
+    class LmOutput < Fluent::Plugin::Output
+      Fluent::Plugin.register_output('lm', self)
 
-    RESOURCE_MAPPING_KEY      = "_lm.resourceId".freeze
-    DEVICELESS_KEY_SERVICE    = "resource.service.name".freeze
-    DEVICELESS_KEY_NAMESPACE  = "resource.service.namespace".freeze
+      RESOURCE_MAPPING_KEY      = "_lm.resourceId".freeze
+      DEVICELESS_KEY_SERVICE    = "resource.service.name".freeze
+      DEVICELESS_KEY_NAMESPACE  = "resource.service.namespace".freeze
 
-    # config_param defines a parameter. You can refer a parameter via @path instance variable
+      # config_param defines a parameter. You can refer a parameter via @path instance variable
 
-    config_param :access_id,  :string, :default => nil
+      config_param :access_id,  :string, :default => nil
 
-    config_param :access_key,  :string, :default => nil, secret: true
+      config_param :access_key,  :string, :default => nil, secret: true
 
-    config_param :company_name,  :string, :default => "company_name"
+      config_param :company_name,  :string, :default => "company_name"
 
-    config_param :resource_mapping,  :hash, :default => {"host": "system.hostname", "hostname": "system.hostname"}
+      config_param :resource_mapping,  :hash, :default => {"host": "system.hostname", "hostname": "system.hostname"}
 
-    config_param :debug,  :bool, :default => false
+      config_param :debug,  :bool, :default => false
 
-    config_param :include_metadata,  :bool, :default => false
+      config_param :include_metadata,  :bool, :default => false
 
-    config_param :force_encoding,  :string, :default => ""
+      config_param :force_encoding,  :string, :default => ""
 
-    config_param :compression,  :string, :default => ""
+      config_param :compression,  :string, :default => ""
 
-    config_param :log_source,  :string, :default => "lm-logs-fluentd"
+      config_param :log_source,  :string, :default => "lm-logs-fluentd"
 
-    config_param :version_id,  :string, :default => "version_id"
+      config_param :version_id,  :string, :default => "version_id"
 
-    config_param :device_less_logs,  :bool, :default => false
+      config_param :device_less_logs,  :bool, :default => false
 
-    config_param :http_proxy,   :string, :default => nil
+      config_param :http_proxy,   :string, :default => nil
 
-    config_param :company_domain ,  :string, :default => "logicmonitor.com"
+      config_param :company_domain ,  :string, :default => "logicmonitor.com"
 
-    config_param :resource_type,  :string, :default => ""
+      config_param :resource_type,  :string, :default => ""
+      # Use bearer token for auth.
+      config_param :bearer_token, :string, :default => nil, secret: true
 
-    # Use bearer token for auth.
-    config_param :bearer_token, :string, :default => nil, secret: true
-
-    # This method is called before starting.
-    # 'conf' is a Hash that includes configuration parameters.
-    # If the configuration is invalid, raise Fluent::ConfigError.
-    def configure(conf)
-      super
-    end
+      # This method is called before starting.
+      # 'conf' is a Hash that includes configuration parameters.
+      # If the configuration is invalid, raise Fluent::ConfigError.
+      def configure(conf)
+        super
+      end
 
-    def multi_workers_ready?
-      true
-    end
+      def multi_workers_ready?
+        true
+      end
 
-    # This method is called when starting.
-    # Open sockets or files here.
-    def start
-      super
-      configure_auth
-      proxy_uri = :ENV
-      if @http_proxy
-        proxy_uri = URI.parse(http_proxy)
-      elsif ENV['HTTP_PROXY'] || ENV['http_proxy']
-        log.info("Using HTTP proxy defined in environment variable")
+      # This method is called when starting.
+      # Open sockets or files here.
+      def start
+        super
+        configure_auth
+        proxy_uri = :ENV
+        if @http_proxy
+          proxy_uri = URI.parse(http_proxy)
+        elsif ENV['HTTP_PROXY'] || ENV['http_proxy']
+          log.info("Using HTTP proxy defined in environment variable")
+        end
+        @http_client = Net::HTTP::Persistent.new name: "fluent-plugin-lm-logs", proxy: proxy_uri
+        @http_client.override_headers["Content-Type"] = "application/json"
+        @http_client.override_headers["User-Agent"] = log_source + "/" + LmLogsFluentPlugin::VERSION
+        @url = "https://#{@company_name}.#{@company_domain}/rest/log/ingest"
+        @uri = URI.parse(@url)
       end
-      @http_client = Net::HTTP::Persistent.new name: "fluent-plugin-lm-logs", proxy: proxy_uri
-      @http_client.override_headers["Content-Type"] = "application/json"
-      @http_client.override_headers["User-Agent"] = log_source + "/" + LmLogsFluentPlugin::VERSION
-      @url = "https://#{@company_name}.#{@company_domain}/rest/log/ingest"
-      @uri = URI.parse(@url)
-      @detector = EnvironmentDetector.new
-      @environment_info = @detector.detect
-      @local_env_str = format_environment(@environment_info)
-
-      log.info("Environment detected: #{@environment_info}")
-    end
 
-    def configure_auth
-      @use_bearer_instead_of_lmv1 = false
-      if is_blank(@access_id) || is_blank(@access_key)
-        log.info "Access Id or access key blank / null. Using bearer token for authentication."
-        @use_bearer_instead_of_lmv1 = true
+      def configure_auth
+        @use_bearer_instead_of_lmv1 = false
+        if is_blank(@access_id) || is_blank(@access_key)
+          log.info "Access Id or access key blank / null. Using bearer token for authentication."
+          @use_bearer_instead_of_lmv1 = true
+        end
+        if @use_bearer_instead_of_lmv1 && is_blank(@bearer_token)
+          log.error "Bearer token not specified. Either access_id and access_key both or bearer_token must be specified for authentication with Logicmonitor."
+          raise ArgumentError, 'No valid authentication specified. Either access_id and access_key both or bearer_token must be specified for authentication with Logicmonitor.'
+        end
       end
-      if @use_bearer_instead_of_lmv1 && is_blank(@bearer_token)
-        log.error "Bearer token not specified. Either access_id and access_key both or bearer_token must be specified for authentication with Logicmonitor."
-        raise ArgumentError, 'No valid authentication specified. Either access_id and access_key both or bearer_token must be specified for authentication with Logicmonitor.'
+      # This method is called when shutting down.
+      # Shutdown the thread and close sockets or files here.
+      def shutdown
+        super
+        @http_client.shutdown
       end
-    end
-    # This method is called when shutting down.
-    # Shutdown the thread and close sockets or files here.
-    def shutdown
-      super
-      @http_client.shutdown
-    end
 
-    # This method is called when an event reaches to Fluentd.
-    # Convert the event to a raw string.
-    def format(tag, time, record)
-      [tag, time, record].to_msgpack
-    end
+      # This method is called when an event reaches to Fluentd.
+      # Convert the event to a raw string.
+      def format(tag, time, record)
+        [tag, time, record].to_msgpack
+      end
 
-    # This method is called every flush interval. Write the buffer chunk
-    # to files or databases here.
-    # 'chunk' is a buffer chunk that includes multiple formatted
-    # events. You can use 'data = chunk.read' to get all events and
-    # 'chunk.open {|io| ... }' to get IO objects.
-    #
-    # NOTE! This method is called by internal thread, not Fluentd's main thread. So IO wait doesn't affect other plugins.
-    def write(chunk)
-      events = []
-      chunk.msgpack_each do |(tag, time, record)|
-        event = process_record(tag,time,record)
-        if event != nil
-          events.push(event)
+      # This method is called every flush interval. Write the buffer chunk
+      # to files or databases here.
+      # 'chunk' is a buffer chunk that includes multiple formatted
+      # events. You can use 'data = chunk.read' to get all events and
+      # 'chunk.open {|io| ... }' to get IO objects.
+      #
+      # NOTE! This method is called by internal thread, not Fluentd's main thread. So IO wait doesn't affect other plugins.
+      def write(chunk)
+        events = []
+          chunk.msgpack_each do |(tag, time, record)|
+          event = process_record(tag,time,record)
+          if event != nil
+            events.push(event)
+          end
         end
+        send_batch(events)
       end
-      send_batch(events)
-    end
 
-    def process_record(tag, time, record)
-      resource_map = {}
-      lm_event = {}
-
-      if @include_metadata
-        lm_event = get_metadata(record)
+      def formatted_to_msgpack_binary?
+        true
       end
 
-      if !@device_less_logs
-        # With devices
-        if record[RESOURCE_MAPPING_KEY] == nil
-            @resource_mapping.each do |key, value|
-              k = value
-              nestedVal = record
-              key.to_s.split('.').each { |x| nestedVal = nestedVal[x] }
-              if nestedVal != nil
-                resource_map[k] = nestedVal
+      def process_record(tag, time, record)
+        resource_map = {}
+        lm_event = {}
+
+        if @include_metadata
+          lm_event = get_metadata(record)
+        end
+
+        if !@device_less_logs
+          # With devices
+          if record[RESOURCE_MAPPING_KEY] == nil
+              @resource_mapping.each do |key, value|
+                k = value
+                nestedVal = record
+                key.to_s.split('.').each { |x| nestedVal = nestedVal[x] }
+                if nestedVal != nil
+                  resource_map[k] = nestedVal
+                end
               end
-            end
-          lm_event[RESOURCE_MAPPING_KEY] = resource_map
+            lm_event[RESOURCE_MAPPING_KEY] = resource_map
+          else
+            lm_event[RESOURCE_MAPPING_KEY] = record[RESOURCE_MAPPING_KEY]
+          end
         else
-          lm_event[RESOURCE_MAPPING_KEY] = record[RESOURCE_MAPPING_KEY]
+          # Device less
+          if record[DEVICELESS_KEY_SERVICE]==nil
+            log.error "When device_less_logs is set \'true\', record must have \'service\'. Ignoring this event #{lm_event}."
+            return nil
+          else
+            lm_event[DEVICELESS_KEY_SERVICE] = encode_if_necessary(record[DEVICELESS_KEY_SERVICE])
+            if record[DEVICELESS_KEY_NAMESPACE]!=nil
+              lm_event[DEVICELESS_KEY_NAMESPACE] = encode_if_necessary(record[DEVICELESS_KEY_NAMESPACE])
+            end
+          end
         end
-      else
-        # Device less
-        if record[DEVICELESS_KEY_SERVICE]==nil
-          log.error "When device_less_logs is set \'true\', record must have \'service\'. Ignoring this event #{lm_event}."
-          return nil
+
+        if record["timestamp"] != nil
+          lm_event["timestamp"] = record["timestamp"]
         else
-          lm_event[DEVICELESS_KEY_SERVICE] = encode_if_necessary(record[DEVICELESS_KEY_SERVICE])
-          if record[DEVICELESS_KEY_NAMESPACE]!=nil
-            lm_event[DEVICELESS_KEY_NAMESPACE] = encode_if_necessary(record[DEVICELESS_KEY_NAMESPACE])
-          end
+          lm_event["timestamp"] = Time.at(time).utc.to_datetime.rfc3339
         end
-      end
+        lm_event["message"] = encode_if_necessary(record["message"])
 
-      if record["timestamp"] != nil
-        lm_event["timestamp"] = record["timestamp"]
-      else
-        lm_event["timestamp"] = Time.at(time).utc.to_datetime.rfc3339
-      end
-      lm_event["message"] = encode_if_necessary(record["message"])
+        if !is_blank(@resource_type)
+          lm_event['_resource.type'] = resource_type
+        end
 
-      resource_type = @resource_type || @detector.infer_resource_type(record, tag)
-      if resource_type.nil? || resource_type.strip.empty? || resource_type == 'Unknown'
-        resource_type = @local_env_str
+        return lm_event
       end
 
-      lm_event['_resource.type'] = resource_type
-
-      return lm_event
-    end
-
-    def get_metadata(record)
-      #if encoding is not defined we will skip going through each key val
-      #and return the whole record for performance reasons in case of a bulky record.
-      if @force_encoding == ""
-        return record
-      else
-        lm_event = {}
-        record.each do |key, value|
-          lm_event["#{key}"] = get_encoded_string(value)
+      def get_metadata(record)
+        #if encoding is not defined we will skip going through each key val
+        #and return the whole record for performance reasons in case of a bulky record.
+        if @force_encoding == ""
+          return record
+        else
+          lm_event = {}
+          record.each do |key, value|
+            lm_event["#{key}"] = get_encoded_string(value)
+          end
+          return lm_event
         end
-        return lm_event
       end
-    end
 
-    def encode_if_necessary(str)
-      if @force_encoding != ""
-        return get_encoded_string(str)
-      else
-        return str
+      def encode_if_necessary(str)
+        if @force_encoding != ""
+          return get_encoded_string(str)
+        else
+          return str
+        end
       end
-    end
 
-    def get_encoded_string(str)
-      return str.force_encoding(@force_encoding).encode("UTF-8")
-    end
+      def get_encoded_string(str)
+        return str.force_encoding(@force_encoding).encode("UTF-8")
+      end
 
-    def send_batch(events)
-      body = events.to_json
+      def send_batch(events)
+        body = events.to_json
 
-      if @debug
-        log.info "Sending #{events.length} events to logic monitor at #{@url}"
-        log.info "Request json #{body}"
-      end
+        if @debug
+          log.info "Sending #{events.length} events to logic monitor at #{@url}"
+          log.info "Request json #{body}"
+        end
 
-      request = Net::HTTP::Post.new(@uri.request_uri)
-      request['authorization'] = generate_token(events)
+        request = Net::HTTP::Post.new(@uri.request_uri)
+        request['authorization'] = generate_token(events)
 
-      if @compression == "gzip"
-        request['Content-Encoding'] = "gzip"
-        gzip = Zlib::GzipWriter.new(StringIO.new)
-        gzip << body
-        request.body = gzip.close.string
-      else
-        request.body = body
-      end
+        if @compression == "gzip"
+          request['Content-Encoding'] = "gzip"
+          gzip = Zlib::GzipWriter.new(StringIO.new)
+          gzip << body
+          request.body = gzip.close.string
+        else
+          request.body = body
+        end
 
-      if @debug
-        log.info "Sending the below request headers to logicmonitor:"
-        request.each_header {|key,value| log.info "#{key} = #{value}" }
-      end
+        if @debug
+          log.info "Sending the below request headers to logicmonitor:"
+          request.each_header {|key,value| log.info "#{key} = #{value}" }
+        end
 
-      resp = @http_client.request @uri, request
-      if @debug || resp.kind_of?(Net::HTTPMultiStatus) || !resp.kind_of?(Net::HTTPSuccess)
-        log.info "Status code:#{resp.code} Request Id:#{resp.header['x-request-id']} message:#{resp.body}"
+        resp = @http_client.request @uri, request
+        if @debug || resp.kind_of?(Net::HTTPMultiStatus) || !resp.kind_of?(Net::HTTPSuccess)
+          log.info "Status code:#{resp.code} Request Id:#{resp.header['x-request-id']} message:#{resp.body}"
+        end
       end
-    end
 
 
-    def generate_token(events)
-
-      if @use_bearer_instead_of_lmv1
-        return "Bearer #{@bearer_token}"
-      else
-        timestamp = DateTime.now.strftime('%Q')
-        signature = Base64.strict_encode64(
-            OpenSSL::HMAC.hexdigest(
-                OpenSSL::Digest.new('sha256'),
-                @access_key,
-                "POST#{timestamp}#{events.to_json}/log/ingest"
-            )
-        )
-        return "LMv1 #{@access_id}:#{signature}:#{timestamp}"
-      end
-    end
+      def generate_token(events)
 
-    def is_blank(str)
-      if str.nil? || str.to_s.strip.empty?
-        return true
-      else
-        return false
+        if @use_bearer_instead_of_lmv1
+          return "Bearer #{@bearer_token}"
+        else
+          timestamp = DateTime.now.strftime('%Q')
+          signature = Base64.strict_encode64(
+              OpenSSL::HMAC.hexdigest(
+                  OpenSSL::Digest.new('sha256'),
+                  @access_key,
+                  "POST#{timestamp}#{events.to_json}/log/ingest"
+              )
+          )
+          return "LMv1 #{@access_id}:#{signature}:#{timestamp}"
+        end
       end
-    end
 
-    def format_environment(env_info)
-      runtime = env_info[:runtime]
-      provider = env_info[:provider] if env_info.key?(:provider)
-
-      case runtime
-      when 'kubernetes'
-        'Kubernetes/Node'
-      when 'docker'
-        'Docker/Host'
-      when 'vm'
-        case provider&.downcase
-        when 'azure'
-          'Azure/VirtualMachine'
-        when 'aws'
-          'AWS/EC2'
-        when 'gcp'
-          'GCP/ComputeEngine'
+      def is_blank(str)
+        if str.nil? || str.to_s.strip.empty?
+          return true
         else
-          'Unknown/VirtualMachine'
+          return false
         end
-      when 'physical'
-        os = env_info[:os] || 'UnknownOS'
-        product = env_info[:product] || 'UnknownHardware'
-        "#{os} / #{product}"
-      else
-        'UnknownEnvironment'
       end
-    end
 
+    end
   end
 end

data/lib/fluent/plugin/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LmLogsFluentPlugin
-    VERSION = '1.2.5'
+    VERSION = '1.2.6'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-lm-logs
 version: !ruby/object:Gem::Version
-  version: 1.2.5
+  version: 1.2.6
 platform: ruby
 authors:
 - LogicMonitor
@@ -56,7 +56,6 @@ files:
 - README.md
 - Rakefile
 - fluent-plugin-lm-logs.gemspec
-- lib/fluent/plugin/environment_detector.rb
 - lib/fluent/plugin/out_lm.rb
 - lib/fluent/plugin/version.rb
 homepage: https://www.logicmonitor.com

data/lib/fluent/plugin/environment_detector.rb

@@ -1,201 +0,0 @@
-require 'net/http'
-require 'timeout'
-require 'json'
-
-class EnvironmentDetector
-  METADATA_TIMEOUT = 1
-
-  def detect
-    if running_in_kubernetes?
-      { runtime: 'kubernetes' }.merge(detect_node_info)
-    elsif running_in_docker?
-      { runtime: 'docker' }.merge(detect_node_info)
-    else
-      detect_host_environment
-    end
-  end
-
-  def format_environment(env_info)
-    runtime = env_info[:runtime]
-    provider = env_info[:provider] if env_info.key?(:provider)
-
-    case runtime
-    when 'kubernetes'
-      'Kubernetes/Node'
-    when 'docker'
-      'Docker/Host'
-    when 'vm'
-      case provider&.downcase
-      when 'azure'
-        'Azure/VirtualMachine'
-      when 'aws'
-        'AWS/EC2'
-      when 'gcp'
-        'GCP/ComputeEngine'
-      else
-        'Unknown/VirtualMachine'
-      end
-    when 'physical'
-      os = env_info[:os] || 'UnknownOS'
-      product = env_info[:product] || 'UnknownHardware'
-      "#{os} / #{product}"
-    else
-      'UnknownEnvironment'
-    end
-  end
-
-  def infer_resource_type(record, tag = nil)
-    return record['resource_type'] if record['resource_type']
-
-    host = (record['host'] || record['hostname'] || '').to_s
-    msg = (record['message'] || '').to_s
-    program = (record['syslog_program'] || '').to_s
-    tags = record['tags'] || []
-    tag_down = tag&.downcase || ''
-
-    host_down = host.downcase
-    msg_down = msg.downcase
-    program_down = program.downcase
-    # From tag pattern (case-insensitive)
-    return 'WindowsServer' if tag_down.include?('windows')
-    return 'LinuxServer' if tag_down.include?('linux')
-    return 'Kubernetes/Node' if tag_down.include?('k8s') || tag_down.include?('kubernetes')
-    return 'Docker/Host' if tag_down.include?('docker')
-
-    # Structured metadata
-    return 'Kubernetes/Node' if record.key?('kubernetes')
-    return 'Docker/Host' if record.key?('container_id') || record.dig('docker', 'container_id')
-    return 'AWS/VirtualMachine' if host_down.start_with?('ip-') || msg_down.include?('amazon')
-    return 'GCP/VirtualMachine' if host_down.include?('.c.') || host_down.include?('gcp')
-    return 'Azure/VirtualMachine' if host_down.include?('cloudapp.net') || msg_down.include?('azure')
-    return 'VMware/VirtualMachine' if msg_down.include?('vmware') || host_down.include?('vmware')
-
-    return 'WindowsServer' if record.key?('EventID') || record.key?('ProviderName') || record.key?('Computer')
-    return 'LinuxServer' if record.key?('syslog_facility') || program_down != ''
-
-    return 'Firewall' if program_down.downcase.include?('firewalld') || msg_down.downcase.include?('iptables') || msg_down.include?('blocked by policy')
-    return 'ACMEServer' if host_down.include?('acme') || msg_down.include?('ACME-Request') || tags.include?('acme')
-    return 'WebServer' if msg_down.include?('nginx') || msg_down.include?('apache')
-    return 'DatabaseServer' if msg_down.include?('mysql') || msg_down.include?('postgres') || msg_down.include?('oracle')
-
-    'Unknown'
-  end
-
-
-  private
-
-  def running_in_kubernetes?
-    ENV.key?('KUBERNETES_SERVICE_HOST') || ENV.key?('KUBERNETES_PORT')
-  end
-
-  def running_in_docker?
-    return true if ENV['container'] == 'docker'
-    cgroup = File.read('/proc/1/cgroup') rescue ''
-    return true if cgroup.include?('docker') || cgroup.include?('containerd')
-    File.exist?('/.dockerenv')
-  end
-
-  def detect_host_environment
-    provider_info = detect_cloud_provider
-    return { runtime: 'vm', provider: provider_info[:provider], details: provider_info[:details] } if provider_info
-
-    os = detect_os
-    product = detect_product_info
-
-    if product.downcase.include?('xen hvm domu') && os.downcase.include?('amazon')
-      return { runtime: 'vm', provider: 'aws', details: { os: os, product: product } }
-    end
-
-    { runtime: 'physical', os: os, product: product }
-  end
-
-  def detect_node_info
-    { node_os: detect_os, node_product: detect_product_info }
-  end
-
-  def detect_cloud_provider
-    azure_metadata || aws_metadata || gcp_metadata
-  end
-
-  def azure_metadata
-    url = 'http://169.254.169.254/metadata/instance?api-version=2021-02-01'
-    headers = { 'Metadata' => 'true' }
-    response = fetch_metadata(url, headers)
-    return unless response
-    json = JSON.parse(response) rescue {}
-    {
-      provider: 'azure',
-      details: {
-        vm_id: json.dig('compute', 'vmId'),
-        location: json.dig('compute', 'location'),
-        name: json.dig('compute', 'name'),
-        vm_size: json.dig('compute', 'vmSize')
-      }
-    }
-  end
-
-  def aws_metadata
-    url = 'http://169.254.169.254/latest/meta-data/instance-id'
-    response = fetch_metadata(url)
-    return unless response
-    { provider: 'aws', details: { instance_id: response.strip } }
-  end
-
-  def gcp_metadata
-    url = 'http://169.254.169.254/computeMetadata/v1/instance/id'
-    headers = { 'Metadata-Flavor' => 'Google' }
-    response = fetch_metadata(url, headers)
-    return unless response
-    { provider: 'gcp', details: { instance_id: response.strip } }
-  end
-
-  def fetch_metadata(url, headers = {}, timeout_sec = METADATA_TIMEOUT)
-    uri = URI(url)
-    Timeout.timeout(timeout_sec) do
-      req = Net::HTTP::Get.new(uri)
-      headers.each { |k, v| req[k] = v }
-      res = Net::HTTP.start(uri.host, uri.port, open_timeout: timeout_sec, read_timeout: timeout_sec) { |http| http.request(req) }
-      return res.body if res.is_a?(Net::HTTPSuccess)
-    end
-  rescue Timeout::Error, SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH, EOFError
-    nil
-  end
-
-  def detect_os
-    if File.exist?('/etc/os-release')
-      os_info = {}
-      File.foreach('/etc/os-release') do |line|
-        key, value = line.strip.split('=', 2)
-        os_info[key] = value&.gsub('"', '')
-      end
-      "#{os_info['NAME']} #{os_info['VERSION']}"
-    elsif RUBY_PLATFORM.include?('darwin')
-      product_name = `sw_vers -productName`.strip
-      product_version = `sw_vers -productVersion`.strip
-      "#{product_name} #{product_version}"
-    else
-      `uname -a`.strip
-    end
-  rescue
-    'unknown'
-  end
-
-  def detect_product_info
-    if File.exist?('/sys/class/dmi/id/sys_vendor') && File.exist?('/sys/class/dmi/id/product_name')
-      vendor = read_file('/sys/class/dmi/id/sys_vendor')
-      product = read_file('/sys/class/dmi/id/product_name')
-      "#{vendor} #{product}".strip
-    elsif RUBY_PLATFORM.include?('darwin')
-      model = `system_profiler SPHardwareDataType | awk '/Model Identifier/ { print $3 }'`.strip
-      model.empty? ? 'Mac' : model
-    else
-      'unknown'
-    end
-  rescue
-    'unknown'
-  end
-
-  def read_file(path)
-    File.read(path).strip if File.exist?(path)
-  end
-end