===============
Fluentd Formula
===============
Michael Kutýe554d792014-04-12 21:54:46 +02004
Many web and mobile applications generate huge amounts of event logs
(e.g. login, logout, purchase, follow). Analyzing these event logs can
be quite valuable for improving services. However, collecting these logs
easily and reliably is a challenging task.
Michael Kutýe554d792014-04-12 21:54:46 +02009
Fluentd addresses this with easy installation, a small footprint, a plugin
ecosystem, reliable buffering, log forwarding, and more.
Michael Kutýe554d792014-04-12 21:54:46 +020012
**NOTE: WORK IN PROGRESS**
NOTE: THE DESIGN OF THIS FORMULA IS NOT YET STABLE AND MAY CHANGE
NOTE: THIS FORMULA IS NOT COMPATIBLE WITH THE OLD VERSION OF THE FORMULA
16
Sample Pillars
==============

General pillar structure
------------------------

.. code-block:: yaml
Michael Kutýe554d792014-04-12 21:54:46 +020024
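fluentd:
  config:
    # Labels group pipeline stages that other sections reach through a
    # ``relabel`` match or an input's ``label`` parameter (see the example
    # pillar below). Under a label, each file holds its own input/filter/match
    # sections keyed by section name.
    label:
      filename:
        input:
          input_name:
            params
        filter:
          filter_name:
            params
          filter_name2:
            params
        match:
          match_name:
            params
    # Top-level input/filter/match sections: the first key is presumably the
    # config file the section is rendered into, the second the section name,
    # and ``params`` stands for the plugin parameters (type, tag, path, ...)
    # that are passed through to the generated <source>/<filter>/<match>
    # block -- TODO confirm against the formula's templates.
    input:
      filename:
        input_name:
          params
        input_name2:
          params
      filename2:
        input_name3:
          params
    filter:
      filename:
        filter_name:
          params
        filter_name2:
          params
      filename2:
        filter_name3:
          params
    match:
      filename:
        match_name:
          params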
Michael Kutýe554d792014-04-12 21:54:46 +020062
Example pillar
--------------

.. code-block:: yaml
Michael Kutýe554d792014-04-12 21:54:46 +020066
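fluentd:
  enabled: true
  config:
    label:
      elasticsearch_output:
        match:
          elasticsearch_output:
            tag: "**"
            type: elasticsearch
            # NOTE(review): this ships every record over plain HTTP to the
            # cluster with no credentials shown. Keep the link on a trusted
            # network or add the TLS/auth parameters the output plugin
            # supports before reusing this in production.
            host: 10.100.0.1
            port: 9200
            buffer:
              flush_thread_count: 8
      monitoring:
        filter:
          parse_log:
            tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
            type: parser
            reserve_data: true
            key_name: log
            parser:
              type: regexp
              format: >-
                /^time="(?<time>[^ ]*)" level=(?<severity>[a-zA-Z]*) msg="(?<message>.+?)"/
              time_format: '%FT%TZ'
          remove_log_key:
            tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
            type: record_transformer
            remove_keys: log
        match:
          docker_log:
            tag: 'docker.**'
            type: file
            # NOTE(review): /tmp is world-writable, so a file output there is
            # readable by other local users (subject to umask) and open to
            # symlink tricks. Use a directory owned by the fluentd service
            # user for anything beyond a throwaway test.
            path: /tmp/flow-docker.log
      grok_example:
        input:
          test_log:
            type: tail
            path: /var/log/test
            tag: test.test
            parser:
              type: grok
              custom_pattern_path: /etc/td-agent/config.d/global.grok
              rule:
                - pattern: >-
                    %{KEYSTONEACCESS}
      syslog:
        filter:
          add_severity:
            tag: 'syslog.*'
            type: record_transformer
            # enable_ruby turns every ``value`` below into Ruby code that is
            # evaluated per record; these expressions must stay under config
            # control and never be built from log content.
            enable_ruby: true
            record:
              - name: severity
                value: 'record["pri"].to_i - (record["pri"].to_i / 8).floor * 8'
          severity_to_string:
            tag: 'syslog.*'
            type: record_transformer
            enable_ruby: true
            record:
              - name: severity
                value: '{"debug"=>7,"info"=>6,"notice"=>5,"warning"=>4,"error"=>3,"critical"=>2,"alert"=>1,"emerg"=>0}.key(record["severity"])'
          severity_for_telegraf:
            tag: 'syslog.*.telegraf'
            type: parser
            reserve_data: true
            key_name: message
            parser:
              type: regexp
              format: >-
                /^(?<time>[^ ]*) (?<severity>[A-Z])! (?<message>.*)/
              time_format: '%FT%TZ'
          severity_for_telegraf_string:
            tag: 'syslog.*.telegraf'
            type: record_transformer
            enable_ruby: true
            record:
              - name: severity
                value: '{"debug"=>"D","info"=>"I","notice"=>"N","warning"=>"W","error"=>"E","critical"=>"C","alert"=>"A","emerg"=>"E"}.key(record["severity"])'
          prometheus_metric:
            tag: 'syslog.*.*'
            type: prometheus
            label:
              - name: ident
                type: variable
                value: ident
              - name: severity
                type: variable
                value: severity
            metric:
              - name: log_messages
                type: counter
                desc: The total number of log messages.
        match:
          rewrite_tag_key:
            tag: 'syslog.*'
            type: rewrite_tag_filter
            rule:
              - name: ident
                regexp: '^(.*)'
                result: '__TAG__.$1'
          syslog_log:
            tag: 'syslog.*.*'
            type: file
            # NOTE(review): records from the ``auth_log`` input below end up
            # here after retagging, so this file carries authentication
            # events. Do not leave it in /tmp outside of a local test.
            path: /tmp/syslog
    input:
      syslog:
        syslog_log:
          type: tail
          label: syslog
          path: /var/log/syslog
          tag: syslog.syslog
          parser:
            type: regexp
            # NOTE(review): unlike the ``format`` values in the filters above,
            # this one keeps its single quotes inside the folded scalar, so
            # the rendered value is quoted. Confirm which form the template
            # expects before aligning the two styles.
            format: >-
              '/^\<(?<pri>[0-9]+)\>(?<time>[^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/'
            time_format: '%FT%T.%L%:z'
        auth_log:
          type: tail
          label: syslog
          # auth.log holds login attempts and privilege escalation records.
          # The fluentd service account needs read access to it (it is
          # usually not world-readable), and everything downstream of this
          # input should be handled as sensitive data.
          path: /var/log/auth.log
          tag: syslog.auth
          parser:
            type: regexp
            format: >-
              '/^\<(?<pri>[0-9]+)\>(?<time>[^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/'
            time_format: '%FT%T.%L%:z'
      prometheus:
        # NOTE(review): no bind/port is given, so the metrics endpoint uses
        # the plugin's defaults -- check which interface it ends up
        # listening on.
        prometheus:
          type: prometheus
        prometheus_monitor:
          type: prometheus_monitor
        prometheus_output_monitor:
          type: prometheus_output_monitor
      forward:
        forward_listen:
          type: forward
          port: 24224
          # NOTE(review): listens on every interface with no transport or
          # shared-key settings, so any host that can reach port 24224 can
          # inject arbitrary records into the pipeline. Restrict ``bind`` to
          # the intended interface or firewall the port, and use the forward
          # plugin's security/TLS settings on untrusted networks.
          bind: 0.0.0.0
    match:
      docker_monitoring:
        docker_monitoring:
          tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
          type: relabel
          label: monitoring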