===============
Fluentd Formula
===============

Many web/mobile applications generate huge amounts of event logs
(e.g. login, logout, purchase, follow, etc.). Analyzing these event
logs can be quite valuable for improving services. However, collecting
these logs easily and reliably is a challenging task.

Fluentd solves the problem by offering easy installation, a small footprint,
plugins, reliable buffering, log forwarding, etc.

**NOTE: WORK IN PROGRESS**
NOTE: DESIGN OF THIS FORMULA IS NOT YET STABLE AND MAY CHANGE
NOTE: FORMULA NOT COMPATIBLE WITH THE OLD VERSION

Sample Pillars
==============

General pillar structure
------------------------

.. code-block:: yaml

# Skeleton of the pillar tree this formula reads.  ``filename``,
# ``input_name``, ``filter_name`` and ``match_name`` are free-form
# placeholders and ``params`` stands for the directive's parameters; the
# example pillar further down fills every branch in with real values.
# The ``filename`` level presumably maps to one rendered config file per
# key (confirm against the formula's templates).
fluentd:
  config:
    # Named label sections; each one carries its own input/filter/match
    # directives (see the ``monitoring`` and ``syslog`` labels in the example).
    label:
      filename:
        input:
          input_name:
            params
        filter:
          filter_name:
            params
          filter_name2:
            params
        match:
          match_name:
            params
    # Top-level input (source) directives, grouped by file name.
    input:
      filename:
        input_name:
          params
        input_name2:
          params
      filename2:
        input_name3:
          params
    # Top-level filter directives, same grouping.
    filter:
      filename:
        filter_name:
          params
        filter_name2:
          params
      filename2:
        filter_name3:
          params
    # Top-level match directives, same grouping.
    match:
      filename:
        match_name:
          params

Example pillar
--------------

.. code-block:: yaml

# Worked example: three labels (monitoring, grok_example, syslog), three groups
# of inputs (syslog, prometheus, forward) and one top-level match that routes
# docker monitoring events into the ``monitoring`` label.  Paths, ports and
# bind addresses are sample values, not deployment defaults.
fluentd:
  enabled: true
  config:
    label:
      monitoring:
        filter:
          # Parse the ``log`` field of the monitoring containers' output with a
          # regexp; reserve_data keeps the original fields next to the parsed ones.
          parse_log:
            tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
            type: parser
            reserve_data: true
            key_name: log
            parser:
              type: regexp
              format: >-
                /^time="(?<time>[^ ]*)" level=(?<severity>[a-zA-Z]*) msg="(?<message>.+?)"/
              time_format: '%FT%TZ'
          # Drop the raw ``log`` field once it has been parsed.
          remove_log_key:
            tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
            type: record_transformer
            remove_keys: log
        match:
          # Everything tagged docker.* is written to a file.  /tmp is shared and
          # world-writable; outside of an example use a directory owned by the
          # fluentd service user.
          docker_log:
            tag: 'docker.**'
            type: file
            path: /tmp/flow-docker.log
      grok_example:
        input:
          # Tail a file and parse it with a grok pattern loaded from
          # custom_pattern_path.
          test_log:
            type: tail
            path: /var/log/test
            tag: test.test
            parser:
              type: grok
              custom_pattern_path: /etc/td-agent/config.d/global.grok
              rule:
                - pattern: >-
                    %{KEYSTONEACCESS}
      syslog:
        filter:
          # enable_ruby makes the record_transformer evaluate the ``value``
          # strings below as Ruby, so this pillar data is effectively code and
          # changes to it deserve the same review.  (Presumably the formula
          # wraps the value in ``${}``; confirm against its template.)
          add_severity:
            tag: 'syslog.*'
            type: record_transformer
            enable_ruby: true
            record:
              # severity = pri mod 8 (the low three bits of the syslog PRI value).
              - name: severity
                value: 'record["pri"].to_i - (record["pri"].to_i / 8).floor * 8'
          # Map the numeric severity to its syslog name (hash lookup by value).
          severity_to_string:
            tag: 'syslog.*'
            type: record_transformer
            enable_ruby: true
            record:
              - name: severity
                value: '{"debug"=>7,"info"=>6,"notice"=>5,"warning"=>4,"error"=>3,"critical"=>2,"alert"=>1,"emerg"=>0}.key(record["severity"])'
          # Telegraf lines carry their own "<time> <LEVEL>! <message>" layout;
          # re-parse the message field for events whose tag ends in .telegraf
          # (the rewrite_tag_key match below appends the ident to the tag).
          severity_for_telegraf:
            tag: 'syslog.*.telegraf'
            type: parser
            reserve_data: true
            key_name: message
            parser:
              type: regexp
              format: >-
                /^(?<time>[^ ]*) (?<severity>[A-Z])! (?<message>.*)/
              time_format: '%FT%TZ'
          # Map the one-letter telegraf level back to a syslog name.
          # NOTE(review): "error" and "emerg" both map to "E", so .key("E")
          # always yields "error" and "emerg" is never produced — confirm this
          # is intended.
          severity_for_telegraf_string:
            tag: 'syslog.*.telegraf'
            type: record_transformer
            enable_ruby: true
            record:
              - name: severity
                value: '{"debug"=>"D","info"=>"I","notice"=>"N","warning"=>"W","error"=>"E","critical"=>"C","alert"=>"A","emerg"=>"E"}.key(record["severity"])'
          # Export a counter of log lines, labelled by ident and severity, for
          # Prometheus.
          prometheus_metric:
            tag: 'syslog.*.*'
            type: prometheus
            label:
              - name: ident
                type: variable
                value: ident
              - name: severity
                type: variable
                value: severity
            metric:
              - name: log_messages
                type: counter
                desc: The total number of log messages.
        match:
          # Append the ident field to the tag (syslog.<file> -> syslog.<file>.<ident>)
          # so the syslog.*.* filters and the match below can select on it.
          rewrite_tag_key:
            tag: 'syslog.*'
            type: rewrite_tag_filter
            rule:
              - name: ident
                regexp: '^(.*)'
                result: '__TAG__.$1'
          # Same /tmp caveat as docker_log above.
          syslog_log:
            tag: 'syslog.*.*'
            type: file
            path: /tmp/syslog
    input:
      syslog:
        # Both tails hand their events to the ``syslog`` label defined above.
        syslog_log:
          type: tail
          label: syslog
          path: /var/log/syslog
          tag: syslog.syslog
          parser:
            type: regexp
            # NOTE(review): this format is wrapped in single quotes while the
            # regexp formats in the label section are not — confirm which form
            # the formula's template expects before copying either.
            format: >-
              '/^\<(?<pri>[0-9]+)\>(?<time>[^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/'
            time_format: '%FT%T.%L%:z'
        auth_log:
          type: tail
          label: syslog
          path: /var/log/auth.log
          tag: syslog.auth
          parser:
            type: regexp
            # Same quoting question as syslog_log above.
            format: >-
              '/^\<(?<pri>[0-9]+)\>(?<time>[^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/'
            time_format: '%FT%T.%L%:z'
      prometheus:
        # Fluentd's own metrics exporters.  The example sets no bind or port for
        # them, so whatever the plugin defaults are (presumably an HTTP listener)
        # apply — check them before deploying on a shared network.
        prometheus:
          type: prometheus
        prometheus_monitor:
          type: prometheus_monitor
        prometheus_output_monitor:
          type: prometheus_output_monitor
      forward:
        # Forward listener on every interface.  No transport/security or
        # authentication options are set in this example, so any host that can
        # reach port 24224 can inject events; restrict reachability (firewall,
        # or bind to an internal address) or add those options before exposing it.
        forward_listen:
          type: forward
          port: 24224
          bind: 0.0.0.0
    match:
      docker_monitoring:
        # Route the monitoring containers' events into the ``monitoring`` label
        # defined above, where they are parsed and written out.
        docker_monitoring:
          tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
          type: relabel
          label: monitoring