rackstash 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8cd189bc3e583fbbf1beaff0412eb8e0883c4864
-  data.tar.gz: 35589d8c2e109887b730cc57168a6f7bc55a16d7
+  metadata.gz: 350b0ac721bfde86c8259470b3f7e6c3911d9f5c
+  data.tar.gz: ab47f38168d36ca48de001035affae5f9664293d
 SHA512:
-  metadata.gz: 8e88aff7362f7aef71ee0b4147d9272e7870982b82c480ed8e3b961dcfa98706bdedd10d8b2994150b6fba340fd69ebb8b365a18e27810120b385d615524a703
-  data.tar.gz: 025b237ee9c691ccfd743574fb7ac2db181e7e6511a2957e103aa7989048fb53dfa56b740b4c635c4f75c3364d6ff34a0d9fd2d547629b237b3a6a3f14958bd1
+  metadata.gz: 895bbb5b842bdac28f4198d6f516c413458fd7da29f5f6c05f215356723431fc6143a5dca9648c04885cd678aa90aae4489017dd1e05581e40692de96cae0510
+  data.tar.gz: 5ec42ec1c69e9f4792c61a3a4cd0eeb329941b580a4834ea9a5ff182ac224c030106d515d4e3443a4f97f988c9dc240f55879a568a0321ac5f273850695ab6d7

data/.gitignore

@@ -1,9 +1,17 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,26 @@
+language: ruby
+cache: bundler
+sudo: false
+rvm:
+  - 1.8.7
+  - 2.0.0
+  - 2.1.0
+  - jruby-18mode
+  - jruby-19mode
+env:
+  - RACK_VERSION=1.4.1
+  - RAILS_VERSION=2.3.15
+  - RAILS_VERSION=3.2.0
+  - RAILS_VERSION=4.2.0
+before_install:
+  - '[ "$TRAVIS_RUBY_VERSION" = "2.1.0" ] && gem install bundler -v ">= 1.5.1" --conservative || true'
+matrix:
+  exclude:
+    - rvm: 1.8.7
+      env: RAILS_VERSION=4.2.0
+    - rvm: jruby-18mode
+      env: RAILS_VERSION=4.2.0
+    - rvm: 2.0.0
+      env: RAILS_VERSION=2.3.15
+    - rvm: 2.1.0
+      env: RAILS_VERSION=2.3.15

data/Gemfile

@@ -1,4 +1,35 @@
 source 'https://rubygems.org'
 
+if ENV['RAILS_VERSION']
+  gem "rails", "~> #{ENV['RAILS_VERSION']}"
+
+  if RUBY_VERSION < '2'
+    gem "rack-cache", '< 1.3'
+    # gem "json", "< 2"
+  end
+elsif ENV['RACK_VERSION']
+  gem "rack", "~> #{ENV['RACK_VERSION']}"
+end
+
+if RUBY_VERSION < "2"
+  gem "mime-types", "< 2.0.0"
+  gem "json", "< 2"
+
+  gem "rake", "~> 10.5.0"
+
+  if RUBY_VERSION < '1.9.3'
+    gem "i18n", "~> 0.6.11"
+    gem "activesupport", "< 4"
+  else
+    gem "i18n", "~> 0.7"
+    gem "activesupport", "< 5"
+  end
+elsif RUBY_VERSION < "2.2.2"
+  gem "activesupport", "< 5"
+  gem "coveralls"
+else
+  gem "coveralls"
+end
+
 # Specify your gem's dependencies in rackstash.gemspec
 gemspec

data/LICENSE.txt

@@ -1,21 +1,22 @@
-The MIT License (MIT)
+Copyright (c) 2012-2014 Holger Just, Planio GmbH <holger@plan.io>
 
-Copyright (c) 2016 Holger Just
+MIT License
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,12 +1,161 @@
-# Rackstash
+# Rackstash - Sane Logs for Rack and Rails
 
-This is just a placeholder for now. Please have a look at https://github.com/meineerde/rackstash for any progress.
+A gem which tames the Rack and Rails (2.3.x and 3.x) logs and generates JSON
+log lines in the native [Logstash JSON Event format](http://logstash.net).
 
-## Contributing
+It is thus similar to the excellent
+[Lograge](https://github.com/roidrage/lograge) by Mathias Meyer. The main
+difference between Rackstash and Lograge is that Lograge attempts to
+completely remove the existing logging and to replaces it with its own log
+line. Rackstash instead retains the existing logs and just enhances them with
+structured fields which can then be used in a Logstash environment. By
+default, Rackstash collects the very same data that Lograge collects plus the
+original full request log.
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/meineerde/rackstash. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Given that Rackstash deals with potentially large amounts of log data per
+request, it might be difficult to use with syslog. You would have to set the
+supported message size rather high and have to make sure that all syslog
+servers can handle the large messages. Rackstash is known to work with a
+[syslog_logger](https://rubygems.org/gems/SyslogLogger) as the underlying
+logger when its shipping to a sufficiently configured rsyslog.
 
-## License
+In any case is probably much easier to setup Logstash directly on the
+application server to read the logs from the default log file location and
+to eventually forward them to their final destination.
 
-The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+# Installation
 
+Add this line to your application's Gemfile:
+
+    gem 'rackstash'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rackstash
+
+# Usage
+
+## Rails 3, Rails 4
+
+Just add Rackstash to your Gemfile as described above. Then, in the
+environment you want to enable Rackstash output, add a simple
+
+```ruby
+# config/environments/production.rb
+MyApp::Application.configure do
+  config.rackstash.enabled = true
+end
+```
+
+Additionally, you can configure Rackstash by setting one or more of the
+settings described in the configuration section below in the respective
+environment file.
+
+## Rails 2
+
+When using bundler (if not, you *really* should start using it), you can just
+add Rackstash to your Gemfile as described above. Then, in the environment
+you want to enable Rackstash output, add a simple
+
+```ruby
+require 'rackstash'
+config.rackstash.enabled = true
+```
+
+If you use `Bundler.require` during your Rails initialization, you can skip
+the first line of the above step.
+
+Note though that is is **not sufficient** to require Rackstash
+in an initializer (i.e. one of the files in `config/initializers`) as these
+files are evaluated too late during Rails initialization for Rackstash to
+take over all of the Rails logging. You have to require it in either
+`config/environment.rb` or one or more of
+`config/environments/<environment name>.rb`.
+
+Additionally, you can configure Rackstash by setting one or more of the
+settings described in the configuration section in the respective environment
+file.
+
+## Configuration
+
+You have to set the `enabled` attribute to `true` to convert the logs to JSON
+using Rackstash:
+
+```ruby
+config.rackstash.enabled = true
+```
+
+Then you can configure a multitude of options and additional fields
+
+```ruby
+# The source attribute of all Logstash events
+# By default: "unknown"
+config.rackstash.source = "http://rails.example.com"
+
+# An array of strings with which all emited log events are tagged.
+# By default empty.
+config.rackstash.tags = ['ruby', 'rails2']
+
+# Additional fields which are included into each log event that
+# originates from a captured request.
+# Can either be a Hash or an object which responds to to_proc which
+# subsequently returns a Hash. If it is the latter, the proc will be exceuted
+# similar to an after filter in every request of the controller and thus has
+# access to the controller state after the request was handled.
+config.rackstash.request_fields = lambda do |controller|
+  {
+    :host => request.host,
+    :source_ip => request.remote_ip,
+    :user_agent => request.user_agent
+  }
+end
+
+# Additional fields that are to be included into every emitted log, both
+# buffered and not. You can use this to add global state information to the
+# log, e.g. from the current thread or from the current environment.
+# Similar to the request_fields, this can be either a static Hash or an
+# object which responds to to_proc and returns a Hash there.
+#
+# Note that the proc is not executed in a controller instance and thus doesn't
+# directly have access to the controller state.
+config.rackstash.fields = lambda do
+  {
+    :thread_id => Thread.current.object_id,
+    :app_server => Socket.gethostname
+  }
+end
+
+# Buffered logs events are emitted with this log level. If the logger is
+# not buffering, it just passes the original log level through.
+# Note that the underlying logger should log events with at least this log
+# level
+# By default: :info
+config.rackstash.log_level = :info
+```
+
+# Caveats
+
+* Few tests
+* No plain Rack support yet
+
+# Contributing
+
+[![Gem Version](https://badge.fury.io/rb/rackstash.png)](https://rubygems.org/gems/rackstash)
+[![Build Status](https://secure.travis-ci.org/planio-gmbh/rackstash.png?branch=master)](https://travis-ci.org/planio-gmbh/rackstash)
+[![Code Climate](https://codeclimate.com/github/planio-gmbh/rackstash.png)](https://codeclimate.com/github/planio-gmbh/rackstash)
+[![Coverage Status](https://coveralls.io/repos/planio-gmbh/rackstash/badge.png?branch=master)](https://coveralls.io/r/planio-gmbh/rackstash?branch=master)
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+# License
+
+MIT. Code extracted from [Planio](http://plan.io).
+Copyright (c) 2012-2014 Holger Just, Planio GmbH

data/Rakefile

@@ -1,10 +1,10 @@
 require "bundler/gem_tasks"
-require "rake/testtask"
 
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList['test/**/*_test.rb']
-end
+require 'rake/testtask'
 
-task :default => :test
+task :default => [:test]
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'test'
+  test.test_files = FileList['test/**/*_test.rb']
+  test.verbose = true
+end

data/bin/rackstash

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+# -*- mode: ruby -*-
+
+require 'rackstash/runner'
+Rackstash::Runner.start

data/lib/rackstash.rb

@@ -1,5 +1,88 @@
-require "rackstash/version"
+require 'active_support/core_ext/module/attribute_accessors'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/version'
+if ActiveSupport::VERSION::MAJOR < 3
+  Hash.send(:include, ActiveSupport::CoreExtensions::Hash::IndifferentAccess) unless Hash.included_modules.include? ActiveSupport::CoreExtensions::Hash::IndifferentAccess
+end
+
+require 'rackstash/buffered_logger'
+require 'rackstash/log_middleware'
+require 'rackstash/version'
 
 module Rackstash
-  # Your code goes here...
+  # The level with which the logs are emitted, by default info
+  mattr_accessor :log_level
+  self.log_level = :info
+
+  # Custom fields that will be merged with the log object when we
+  # capture a request.
+  #
+  # Currently supported formats are:
+  #  - Hash
+  #  - Any object that responds to to_proc and returns a hash
+  #
+  mattr_writer :request_fields
+  self.request_fields = HashWithIndifferentAccess.new
+  def self.request_fields(controller)
+    if @@request_fields.respond_to?(:to_proc)
+      ret = controller.instance_eval(&@@request_fields)
+    else
+      ret = @@request_fields
+    end
+    HashWithIndifferentAccess.new(ret)
+  end
+
+  # Custom fields that will be merged with every log object, be it a captured
+  # request or not.
+  #
+  # Currently supported formats are:
+  #  - Hash
+  #  - Any object that responds to to_proc and returns a hash
+  #
+  mattr_writer :fields
+  self.fields = HashWithIndifferentAccess.new
+  def self.fields
+    if @@fields.respond_to?(:to_proc)
+      ret = @@fields.to_proc.call
+    else
+      ret = @@fields
+    end
+    HashWithIndifferentAccess.new(ret)
+  end
+
+  # The source attribute in the generated Logstash output
+  mattr_accessor :source
+
+  # The logger object that is used by the actual application
+  mattr_accessor :logger
+
+  # Additonal tags which are attached to each buffered log event
+  mattr_reader :tags
+  def self.tags=(tags)
+    @@tags = tags.map(&:to_s)
+  end
+  self.tags = []
+
+  def self.with_log_buffer(&block)
+    if Rackstash.logger.respond_to?(:with_buffer)
+      Rackstash.logger.with_buffer(&block)
+    else
+      yield
+    end
+  end
+
+  def self.framework
+    @framework ||= begin
+      if Object.const_defined?(:Rails)
+        Rails::VERSION::MAJOR >= 3 ? "rails3" : "rails2"
+      else
+        "rack"
+      end
+    end
+  end
+
+  require "rackstash/framework/base"
+  require "rackstash/framework/#{framework}"
+  extend Rackstash::Framework::Base
+  extend Rackstash::Framework.const_get(framework.capitalize)
 end

data/lib/rackstash/buffered_logger.rb

@@ -0,0 +1,269 @@
+require 'forwardable'
+require 'logger'
+require 'securerandom'
+require 'active_support/core_ext/hash/reverse_merge'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/version'
+if ActiveSupport::VERSION::MAJOR < 3
+  Hash.send(:include, ActiveSupport::CoreExtensions::Hash::ReverseMerge) unless Hash.included_modules.include? ActiveSupport::CoreExtensions::Hash::ReverseMerge
+  Hash.send(:include, ActiveSupport::CoreExtensions::Hash::IndifferentAccess) unless Hash.included_modules.include? ActiveSupport::CoreExtensions::Hash::IndifferentAccess
+end
+
+require 'rackstash/log_severity'
+# MRI 1.8 doesn't set the RUBY_ENGINE constant required by logstash-event
+Object.const_set(:RUBY_ENGINE, "ruby") unless Object.const_defined?(:RUBY_ENGINE)
+require "logstash-event"
+
+
+module Rackstash
+  class BufferedLogger
+    extend Forwardable
+    include Rackstash::LogSeverity
+
+    class SimpleFormatter < ::Logger::Formatter
+      def call(severity, timestamp, progname, msg)
+        "#{String === msg ? msg : msg.inspect}\n"
+      end
+    end
+
+    def initialize(logger)
+      @logger = logger
+      @logger.formatter = SimpleFormatter.new if @logger.respond_to?(:formatter=)
+      @buffer = {}
+
+      @source_is_customized = false
+
+      # Note: Buffered logs need to be explicitly flushed to the underlying
+      # logger using +flush_and_pop_buffer+. This will not flush the underlying
+      # logger. If this is required, you still need to call
+      # +BufferedLogger#logger.flush+
+      delegate_if_required :@logger, :flush, :auto_flushing, :auto_flushing=
+      delegate_if_required :@logger, :progname, :progname=
+      delegate_if_required :@logger, :silencer, :silencer=, :silence
+    end
+
+    attr_accessor :formatter
+    attr_reader :logger
+    def_delegators :@logger, :level, :level=
+
+    def add(severity, message=nil, progname=nil)
+      severity ||= UNKNOWN
+      return true if level > severity
+
+      progname ||= logger.progname if logger.respond_to?(:progname)
+      if message.nil?
+        if block_given?
+          message = yield
+        else
+          message = progname
+        end
+      end
+
+      line = {:severity => severity, :message => message}
+      if buffering?
+        buffer[:messages] << line
+        message
+      else
+        json = logstash_event([line])
+        logger.add(severity, json)
+      end
+    end
+
+    def <<(message)
+      logger << message
+    end
+
+    Severities.each do |severity|
+      class_eval <<-EOT, __FILE__, __LINE__ + 1
+        def #{severity.to_s.downcase}(message = nil, progname = nil, &block)  # def debug(message = nil, progname = nil, &block)
+          add(#{severity}, message, progname, &block)                         #   add(DEBUG, message, progname, &block)
+        end                                                                   # end
+                                                                              #
+        def #{severity.to_s.downcase}?                                        # def debug?
+          #{severity} >= level                                                #   DEBUG >= level
+        end                                                                   # end
+      EOT
+    end
+
+    def with_buffer
+       push_buffer
+       yield
+    rescue Exception => exception
+      # Add some details about an exception to the logs
+      # This won't catch errors in Rails requests as they are catched by
+      # the ActionController::Failsafe middleware before our middleware.
+      if self.fields
+        error_fields = {
+          :error => exception.class.name,
+          :error_message => exception.message,
+          :error_backtrace => exception.backtrace.join("\n")
+        }
+        self.fields.reverse_merge!(error_fields)
+      end
+      raise
+    ensure
+      flush_and_pop_buffer
+    end
+
+    def fields
+      buffer && buffer[:fields]
+    end
+
+    def tags
+      buffer && buffer[:tags]
+    end
+
+    def source=(value)
+      @source = value
+      @source_is_customized = true
+    end
+    def source
+      if @source_is_customized
+        @source
+      else
+        Rackstash.respond_to?(:source) && Rackstash.source
+      end
+    end
+
+    def close
+      flush_and_pop_buffer while buffering?
+      logger.flush if logger.respond_to?(:flush)
+      logger.close if logger.respond_to?(:close)
+    end
+
+    def push_buffer
+      child_buffer = {
+        :messages => [],
+        :fields => default_fields,
+        :tags => [],
+        :do_not_log => false
+      }
+
+      self.buffer_stack ||= []
+      if parent_buffer = buffer
+        parent_buffer[:fields][:child_log_ids] ||= []
+        parent_buffer[:fields][:child_log_ids] << child_buffer[:fields][:log_id]
+        child_buffer[:fields][:parent_log_id] = parent_buffer[:fields][:log_id]
+      end
+
+      self.buffer_stack << child_buffer
+      nil
+    end
+
+    def flush_and_pop_buffer
+      if buffer = self.buffer
+        unless buffer[:do_not_log]
+          json = logstash_event(buffer[:messages], buffer[:fields], buffer[:tags])
+          log_level = Rackstash.respond_to?(:log_level) ? Rackstash.log_level : :info
+          logger.send(log_level, json)
+        end
+        logger.flush if logger.respond_to?(:flush)
+      end
+
+      pop_buffer
+    end
+
+    def buffering?
+      !!buffer
+    end
+
+    def do_not_log!(yes_or_no=true)
+      return false unless buffer
+      buffer[:do_not_log] = !!yes_or_no
+    end
+
+  protected
+    def delegate_if_required(object_name, *methods)
+      object = instance_variable_get(object_name)
+      methods = Array(methods).select{|method| object.respond_to? method}
+
+      metaclass = class << self; self; end
+      methods.each do |method|
+        metaclass.instance_eval{ def_delegator object, method }
+      end
+    end
+
+    def default_fields
+      HashWithIndifferentAccess.new({"log_id" => uuid, "pid" => Process.pid})
+    end
+
+    def buffer
+      buffer_stack && buffer_stack.last
+    end
+
+    def buffer_stack
+      @buffer[Thread.current.object_id]
+    end
+
+    def buffer_stack=(stack)
+      @buffer[Thread.current.object_id] = stack
+    end
+
+    # This method removes the top-most buffer.
+    # It does not flush the buffer in any way. Use +flush_and_pop_buffer+
+    # for that.
+    def pop_buffer
+      poped = nil
+
+      if buffer_stack
+        poped = buffer_stack.pop
+        # We need to delete the whole array to prevent a memory leak
+        # from piling threads
+        @buffer.delete(Thread.current.object_id) unless buffer_stack.any?
+      end
+      poped
+    end
+
+    # uuid generates a v4 random UUID (Universally Unique IDentifier).
+    #
+    #    p SecureRandom.uuid #=> "2d931510-d99f-494a-8c67-87feb05e1594"
+    #    p SecureRandom.uuid #=> "bad85eb9-0713-4da7-8d36-07a8e4b00eab"
+    #    p SecureRandom.uuid #=> "62936e70-1815-439b-bf89-8492855a7e6b"
+    #
+    # The version 4 UUID is purely random (except the version). It doesn’t
+    # contain meaningful information such as MAC address, time, etc.
+    #
+    # See RFC 4122 for details of UUID.
+    def uuid
+      if SecureRandom.respond_to?(:uuid)
+        # Available since Ruby 1.9.2
+        SecureRandom.uuid
+      else
+        # Copied verbatim from SecureRandom.uuid of MRI 1.9.3
+        ary = SecureRandom.random_bytes(16).unpack("NnnnnN")
+        ary[2] = (ary[2] & 0x0fff) | 0x4000
+        ary[3] = (ary[3] & 0x3fff) | 0x8000
+        "%08x-%04x-%04x-%04x-%04x%08x" % ary
+      end
+    end
+
+    def normalized_message(logs=[])
+      logs.map do |line|
+        # normalize newlines
+        msg = line[:message].to_s.gsub(/[\n\r]/, "\n")
+        # remove any leading newlines and a single trailing newline
+        msg = msg.sub(/\A\n+/, '').sub(/\n\z/, '')
+        msg = "[#{Severities[line[:severity]]}] ".rjust(10) + msg
+        # Normalize the log line to UTF-8
+        msg.encode!(Encoding::UTF_8, :invalid => :replace, :undef => :replace) if msg.respond_to?(:encode!)
+        msg
+      end.join("\n")
+    end
+
+    def logstash_event(logs=[], fields=default_fields, tags=[])
+      rackstash_fields = Rackstash.respond_to?(:fields) ? Rackstash.fields : {}
+      fields = rackstash_fields.merge(fields)
+
+      rackstash_tags = Rackstash.respond_to?(:tags) ? Rackstash.tags : []
+      tags = rackstash_tags | tags.map(&:to_s)
+
+      event = LogStash::Event.new(
+        "@message" => normalized_message(logs),
+        "@fields" => fields,
+        "@tags" => tags,
+        "@source" => self.source
+      )
+      event.to_json
+    end
+  end
+end