fluent-plugins-nursery / Fluent Plugin Concat
Licence: mit
Fluentd Filter plugin to concatenate multiline log separated in multiple events.
Stars: ✭ 78
Programming Languages
ruby
36898 projects - #4 most used programming language
Labels
Projects that are alternatives of or similar to Fluent Plugin Concat
Fluent Plugin S3
Amazon S3 input and output plugin for Fluentd
Stars: ✭ 276 (+253.85%)
Mutual labels: fluentd
Loghouse
Ready to use log management solution for Kubernetes storing data in ClickHouse and providing web UI.
Stars: ✭ 805 (+932.05%)
Mutual labels: fluentd
Fluent Bit Go Loki
[Deprecated] The predessor of fluent-bit output plugin for Loki. https://github.com/grafana/loki
Stars: ✭ 38 (-51.28%)
Mutual labels: fluentd
Elk Kubernetes
This repo shows how to configure complete EFK stack on top of Kubernetes
Stars: ✭ 294 (+276.92%)
Mutual labels: fluentd
Fluent Plugin Kafka
Kafka input and output plugin for Fluentd
Stars: ✭ 268 (+243.59%)
Mutual labels: fluentd
Fluent Plugin Splunk Hec
This is the Fluentd output plugin for sending events to Splunk via HEC.
Stars: ✭ 56 (-28.21%)
Mutual labels: fluentd
Presentations
📊Presentations from the CNCF community to share and reuse
Stars: ✭ 566 (+625.64%)
Mutual labels: fluentd
Vector Test Harness
End-to-end test harness for the Vector observability data router
Stars: ✭ 32 (-58.97%)
Mutual labels: fluentd
Fluent Logger Golang
A structured logger for Fluentd (Golang)
Stars: ✭ 294 (+276.92%)
Mutual labels: fluentd
Led
LED ( Logs Explorer for Docker ) is a tool used for visualizing and exploring docker container logs
Stars: ✭ 13 (-83.33%)
Mutual labels: fluentd
Ansible Elk
📊 Ansible playbook for setting up an ELK/EFK stack and clients.
Stars: ✭ 284 (+264.1%)
Mutual labels: fluentd
Fluent Logger Perl
A structured logger for Fluentd (Perl)
Stars: ✭ 41 (-47.44%)
Mutual labels: fluentd
Aws Fluent Plugin Kinesis
Fluent Plugin for Amazon Kinesis
Stars: ✭ 272 (+248.72%)
Mutual labels: fluentd
Fluentd Sidecar Injector
Webhook server for kubernetes admission webhook to inject fluentd as sidecar
Stars: ✭ 22 (-71.79%)
Mutual labels: fluentd
fluent-plugin-concat
Fluentd Filter plugin to concatenate multiline log separated in multiple events.
Requirements
| fluent-plugin-concat | fluentd | ruby |
|---|---|---|
| >= 2.0.0 | >= v0.14.0 | >= 2.1 |
| < 2.0.0 | >= v0.12.0 | >= 1.9 |
Installation
Add this line to your application's Gemfile:
gem 'fluent-plugin-concat'
And then execute:
$ bundle
Or install it yourself as:
$ gem install fluent-plugin-concat
Configuration
Example
<filter docker.log>
@type concat
key loga
#separator "\n"
n_lines 10
#multiline_start_regexp /^Start/
#multiline_end_regexp /^End/
#continuous_line_regexp nil
#stream_identity_key nil
#flush_interval 60
#timeout_label nil
#use_first_timestamp false
#partial_key nil
#partial_value nil
#keep_partial_key false
#use_partial_metadata false
#keep_partial_metadata false
#partial\_metadata\_format docker-fluentd
</filter>
Parameter
| parameter | description | default |
|---|---|---|
| key | The key for part of multiline log | |
| separator | The separator of lines | "\n" |
| n_lines | The number of lines. This is exclusive with multiline_start_regex
|
nil |
| multiline_start_regexp | The regexp to match beginning of multiline. This is exclusive with n_lines
|
nil |
| multiline_end_regexp | The regexp to match ending of multiline.This is exclusive with n_lines
|
nil |
| continuous_line_regexp | The regexp to match continuous lines.This is exclusive with n_lines
|
nil |
| stream_identity_key | The key to determine which stream an event belongs to | nil |
| flush_interval | The number of seconds after which the last received event log will be flushed.If specified 0, wait for next line foreverr | 60 |
| timeout_label | The label name to handle events caused by timeout | nil |
| use_first_timestamp | Use timestamp of first record when buffer is flushed | false |
| partial_key | The field name that is the reference to concatenate records | nil |
| partial_value | The value stored in the field specified by partial_key that represent partial log | nil |
| keep_partial_key | If true, keep partial_key in concatenated records | false |
| use_partial_metadata | Use partial metadata to concatenate multiple records | false |
| keep_partial_metadata | If true, keep partial metadata | false |
| partial_metadata_format | Input format of the partial metadata (fluentd or journald docker log driver) ( docker-fluentd, docker-journald, docker-journald-lowercase)Configure based on the input plugin, that is used. The docker fluentd and journald log drivers are behaving differently, so the plugin needs to know, what to look for. Use docker-journald-lowercase, if you have fields_lowercase true in the journald source config |
docker-fluentd |
Usage
Every 10 events will be concatenated into one event.
<filter docker.log>
@type concat
key message
n_lines 10
</filter>
Specify first line of multiline by regular expression.
<filter docker.log>
@type concat
key message
multiline_start_regexp /^Start/
</filter>
You can handle timeout events and remaining buffers on shutdown this plugin.
<label @ERROR>
<match docker.log>
@type file
path /path/to/error.log
</match>
</label>
Handle timeout log lines the same as normal logs.
<filter **>
@type concat
key message
multiline_start_regexp /^Start/
flush_interval 5
timeout_label @NORMAL
</filter>
<match **>
@type relabel
@label @NORMAL
</match>
<label @NORMAL>
<match **>
@type stdout
</match>
</label>
Handle single line JSON from Docker containers.
<filter **>
@type concat
key message
multiline_end_regexp /\n$/
</filter>
Handle Docker logs splitted in several parts (using partial_message), and do not add new line between parts.
<filter>
@type concat
key log
partial_key partial_message
partial_value true
separator ""
</filter>
(Docker v19.03+) Handle Docker logs splitted in several parts (using use_partial_metadata), and do not add new line between parts.
<filter>
@type concat
key log
use_partial_metadata true
separator ""
</filter>
(Docker v20.10+) Handle Docker logs splitted in several parts (using use_partial_metadata), and do not add new line between parts.
Docker v20.10 improved partial message handling by adding better metadata in the journald log driver, this works now similarily to the fluentd log driver, but requires one additional setting
<filter>
@type concat
key log
use_partial_metadata true
partial_metadata_format docker-journald
separator ""
</filter>
Handle Docker logs splitted in several parts (using newline detection), and do not add new line between parts (prior to Docker 18.06).
<filter **>
@type concat
key log
multiline_end_regexp /\\n$/
separator ""
</filter>
Handle containerd/cri in Kubernetes.
<source>
@type tail
path /var/log/containers/*.log
<parse>
@type regexp
expression /^(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) (?<output>\w+) (?<partial_flag>[FP]) (?<message>.+)$/
</parse>
tag k8s
@label @CONCAT
</source>
<label @CONCAT>
<filter k8s>
@type concat
key message
partial_key partial_flag
partial_value P
</filter>
<match k8s>
@type relabel
@label @OUTPUT
</match>
</label>
<label @OUTPUT>
<match>
@type stdout
</match>
</label>
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
License
The gem is available as open source under the terms of the MIT License.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].