elastic
diff --git a/‎.gitignore
Lines changed: 3 additions & 0 deletions b/‎.gitignore
Lines changed: 3 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 14 additions & 0 deletions b/‎Makefile
Lines changed: 14 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 9 additions & 5 deletions b/‎README.md
Lines changed: 9 additions & 5 deletions
diff --git a/‎docs/index.asciidoc
Lines changed: 18 additions & 0 deletions b/‎docs/index.asciidoc
Lines changed: 18 additions & 0 deletions
diff --git a/‎docs/intro.asciidoc
Lines changed: 33 additions & 0 deletions b/‎docs/intro.asciidoc
Lines changed: 33 additions & 0 deletions
diff --git a/‎docs/morgan.asciidoc
Lines changed: 197 additions & 0 deletions b/‎docs/morgan.asciidoc
Lines changed: 197 additions & 0 deletions
@@ -60,6 +60,9 @@ typings/
 # next.js build output
 .next
 
+# doc build output
+html_docs
+
 .ecs
 .DS_Store
 /tmp
@@ -5,6 +5,7 @@
 .PHONY: all
 all:
 	./.ci/run-install.sh
+	(cd utils && npm install)
 
 .PHONY: clean
 clean:
@@ -34,6 +35,19 @@ fmt:
 test:
 	./.ci/run-test.sh
 
+# Build and open the rendered docs for testing.
+#
+# Requirements:
+# - Docker is running
+# - "../docs" is an elastic/docs.git clone
+# - "../ecs-logging" is an elastic/ecs-logging.git clone
+.PHONY: docs-and-open
+docs-and-open:
+	export GIT_HOME=$(shell cd .. && pwd) && \
+		$$GIT_HOME/docs/build_docs \
+			--resource $$GIT_HOME/ecs-logging/docs/ --chunk 1 --open \
+			--doc $$PWD/docs/index.asciidoc
+
 # List licenses of prod deps.
 .PHONY: list-licenses
 list-licenses:
 
@@ -5,8 +5,9 @@
 [![Build Status](https://apm-ci.elastic.co/buildStatus/icon?job=apm-agent-nodejs%2Fecs-logging-nodejs-mbp%2Fmaster)](https://apm-ci.elastic.co/job/apm-agent-nodejs/job/ecs-logging-nodejs-mbp/job/master/)  [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
 
 This set of libraries allows you to transform your application logs to structured logs that comply with the [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html).
-In combination with [filebeat](https://www.elastic.co/products/beats/filebeat) you can send your logs directly to Elasticsearch and leverage [Kibana's Logs UI](https://www.elastic.co/guide/en/infrastructure/guide/current/logs-ui-overview.html) to inspect all logs in one single place.
-See [ecs-logging](https://github.com/elastic/ecs-logging) for other ECS logging libraries and more resources about ECS & logging.
+In combination with [filebeat](https://www.elastic.co/products/beats/filebeat) you can send your logs directly to Elasticsearch and leverage [Kibana's Logs app](https://www.elastic.co/guide/en/observability/current/monitor-logs.html) to inspect all logs in one single place.
+
+Please see the [Node.js ECS logging documentation](https://www.elastic.co/guide/en/ecs-logging/nodejs/current/intro.html).
 
 ---
 
@@ -16,13 +17,16 @@ backwards-incompatible changes might be introduced in releases during the
 
 ---
 
-### Supported logging frameworks
+## Supported logging frameworks
 
+- [Morgan](https://github.com/expressjs/morgan) via [@elastic/ecs-morgan-format](./loggers/morgan)
+  ([docs](https://www.elastic.co/guide/en/ecs-logging/nodejs/current/morgan.html))
 - [Pino](https://getpino.io/#/) via [@elastic/ecs-pino-format](./loggers/pino)
+  ([docs](https://www.elastic.co/guide/en/ecs-logging/nodejs/current/pino.html))
 - [Winston](https://github.com/winstonjs/winston) via [@elastic/ecs-winston-format](./loggers/winston)
-- [Morgan](https://github.com/expressjs/morgan) via [@elastic/ecs-morgan-format](./loggers/morgan)
+  ([docs](https://www.elastic.co/guide/en/ecs-logging/nodejs/current/winston.html))
 
-### References
+## Links
 
 * Introduction to ECS [blog post](https://www.elastic.co/blog/introducing-the-elastic-common-schema).
 * Logs UI [blog post](https://www.elastic.co/blog/infrastructure-and-logs-ui-new-ways-for-ops-to-interact-with-elasticsearch).
 
@@ -0,0 +1,18 @@
+:ecs-repo-dir:  {ecs-logging-root}/docs/
+
+include::{docs-root}/shared/versions/stack/current.asciidoc[]
+include::{docs-root}/shared/attributes.asciidoc[]
+
+ifdef::env-github[]
+NOTE: For the best reading experience,
+please view this documentation at https://www.elastic.co/guide/en/ecs-logging/nodejs/current/index.html[elastic.co]
+endif::[]
+
+= ECS Logging Node.js Reference
+
+ifndef::env-github[]
+include::./intro.asciidoc[Introduction]
+include::./morgan.asciidoc[Logging with Morgan]
+include::./pino.asciidoc[Logging with Pino]
+include::./winston.asciidoc[Logging with Winston]
+endif::[]
@@ -0,0 +1,33 @@
+[[intro]]
+== Introduction
+
+beta::[]
+
+Node.js ECS loggers are formatter plugins for your favorite logging libraries.
+They make it easy to format your logs into ECS-compatible JSON. In combination
+with https://www.elastic.co/products/beats/filebeat[filebeat] you can send your
+logs directly to Elasticsearch and leverage {observability-guide}/monitor-logs.html[Kibana's Logs app]
+to inspect all logs in one single place.
+
+The Node.js ECS logging formatters log structured JSON and support serialization
+of Error objects and HTTP Request and Response objects from Node.js core and
+popular web frameworks. A minimal log record includes the following fields:
+
+[source,json]
+----
+{
+  "@timestamp": "2021-01-13T21:32:38.095Z",
+  "log.level": "info",
+  "message": "hi",
+  "ecs": {"version":"1.5.0"}
+}
+----
+
+TIP: Want to learn more about ECS, ECS logging, and other available language plugins?
+See the {ecs-logging-ref}/intro.html[ECS logging guide].
+
+Ready to jump into Node.js ECS logging?
+
+- <<morgan,ECS Logging with Morgan>>
+- <<pino,ECS Logging with Pino>>
+- <<winston,ECS Logging with Winston>>
@@ -0,0 +1,197 @@
+[[morgan]]
+== ECS Logging with Morgan
+
+This Node.js package provides a formatter for the https://github.com/expressjs/morgan#readme[morgan]
+logging middleware -- commonly used with Express -- compatible with
+{ecs-logging-ref}/intro.html[Elastic Common Schema (ECS) logging].
+In combination with the https://www.elastic.co/beats/filebeat[Filebeat] shipper,
+you can https://www.elastic.co/log-monitoring[monitor all your logs] in one
+place in the Elastic Stack.
+
+
+[float]
+=== Setup
+
+[float]
+[[morgan-setup-step-1]]
+==== Step 1: Install
+
+[source,cmd]
+----
+$ npm install @elastic/ecs-morgan-format
+----
+
+
+[float]
+[[morgan-setup-step-2]]
+==== Step 2: Configure
+
+[source,js]
+----
+const app = require('express')()
+const morgan = require('morgan')
+const ecsFormat = require('@elastic/ecs-morgan-format')
+
+app.use(morgan(ecsFormat())) <1>
+
+// ...
+app.get('/', function (req, res) {
+  res.send('hello, world!')
+})
+app.listen(3000)
+----
+<1> Pass the ECS formatter to `morgan()`.
+
+
+[float]
+[[morgan-setup-step-3]]
+==== Step 3: Configure Filebeat
+
+The best way to collect the logs once they are ECS-formatted is with {filebeat-ref}[Filebeat]:
+
+include::{ecs-repo-dir}/setup.asciidoc[tag=configure-filebeat]
+
+
+[float]
+[[morgan-usage]]
+=== Usage
+
+[source,js]
+----
+const app = require('express')()
+const morgan = require('morgan')
+const ecsFormat = require('@elastic/ecs-morgan-format')
+
+app.use(morgan(ecsFormat()))
+
+app.get('/', function (req, res) {
+  res.send('hello, world!')
+})
+app.get('/error', function (req, res, next) {
+  next(new Error('boom'))
+})
+
+app.listen(3000)
+----
+
+Running this script (the full example is https://github.com/elastic/ecs-logging-nodejs/blob/master/loggers/morgan/examples/express.js[here])
+and making a request (via `curl -i localhost:3000/`) will produce log output
+similar to the following:
+
+[source,cmd]
+----
+% node examples/express.js | jq .  # piping to jq for pretty-printing
+{
+  "@timestamp": "2021-01-16T00:03:23.279Z",
+  "log.level": "info",
+  "message": "::1 - - [16/Jan/2021:00:03:23 +0000] \"GET / HTTP/1.1\" 200 13 \"-\" \"curl/7.64.1\"",
+  "ecs": {
+    "version": "1.5.0"
+  },
+  "http": {
+    "version": "1.1",
+    "request": {
+      "method": "get",
+      "headers": {
+        "host": "localhost:3000",
+        "accept": "*/*"
+      }
+    },
+    "response": {
+      "status_code": 200,
+      "headers": {
+        "x-powered-by": "Express",
+        "content-type": "text/html; charset=utf-8",
+        "etag": "W/\"d-HwnTDHB9U/PRbFMN1z1wps51lqk\""
+      },
+      "body": {
+        "bytes": 13
+      }
+    }
+  },
+  "url": {
+    "path": "/",
+    "domain": "localhost",
+    "full": "http://localhost:3000/"
+  },
+  "user_agent": {
+    "original": "curl/7.64.1"
+  }
+}
+----
+
+[float]
+[[morgan-format-options]]
+=== Format Options
+
+You can pass any https://github.com/expressjs/morgan#morganformat-options[`format` argument]
+you would normally pass to `morgan()`, and the log "message" field will use the
+specified format. The default is https://github.com/expressjs/morgan#combined[`combined`].
+
+[source,js]
+----
+const app = require('express')()
+const morgan = require('morgan')
+const ecsFormat = require('@elastic/ecs-morgan-format')
+
+app.use(morgan(ecsFormat('tiny'))) <1>
+// ...
+----
+
+[float]
+[[morgan-log-level]]
+=== log.level
+
+The `log.level` field will be "error" for response codes >= 500, otherwise
+"info". For example, running  https://github.com/elastic/ecs-logging-nodejs/blob/master/loggers/morgan/examples/express.js[examples/express.js]
+again, a `curl -i localhost:3000/error` will yield:
+
+[source,cmd]
+----
+% node examples/express.js | jq .
+{
+  "@timestamp": "2021-01-18T17:52:12.810Z",
+  "log.level": "error",
+  "message": "::1 - - [18/Jan/2021:17:52:12 +0000] \"GET /error HTTP/1.1\" 500 1416 \"-\" \"curl/7.64.1\"",
+  "http": {
+    "response": {
+      "status_code": 500,
+  ...
+----
+
+
+[float]
+[[morgan-apm]]
+=== Integration with APM Tracing
+
+This ECS log formatter integrates with https://www.elastic.co/apm[Elastic APM] tracing.
+If your Node app is using the {apm-node-ref}/intro.html[Node.js Elastic APM Agent],
+then fields are added to log records that {ecs-ref}/ecs-tracing.html[identify an active trace] and the configured service name
+({ecs-ref}/ecs-service.html#field-service-name["service.name"] and
+{ecs-ref}/ecs-event.html#field-event-dataset["event.dataset"]).
+These fields allow cross linking between traces and logs in Kibana and support
+log anomaly detection.
+
+For example, running https://github.com/elastic/ecs-logging-nodejs/blob/master/loggers/morgan/examples/express-with-apm.js[examples/express-with-apm.js] and `curl -i localhost:3000/` results in a log record with the following:
+
+[source,cmd]
+----
+% node examples/express-with-apm.js | jq .
+{
+  ...
+  "event": {
+    "dataset": "express-with-elastic-apm.log"
+  },
+  "trace": {
+    "id": "e097193afa9ac221017b45a1f674601c"
+  },
+  "transaction": {
+    "id": "c6aa5b47e01bad72"
+  },
+  "service": {
+    "name": "express-with-elastic-apm"
+  }
+}
+----
+
+These IDs match trace data reported by the APM agent.