===============
Fluentd Formula
===============
Michael Kutýe554d792014-04-12 21:54:46 +02004
Many web/mobile applications generate a huge amount of event logs
(e.g. login, logout, purchase, follow, etc.). Analyzing these event
logs can be quite valuable for improving services. However, collecting
these logs easily and reliably is a challenging task.
Michael Kutýe554d792014-04-12 21:54:46 +02009
Fluentd solves the problem by having: easy installation, small footprint,
plugins, reliable buffering, log forwarding, etc.
Michael Kutýe554d792014-04-12 21:54:46 +020012
**NOTE: WORK IN PROGRESS**
NOTE: DESIGN OF THIS FORMULA IS NOT YET STABLE AND MAY CHANGE
NOTE: FORMULA NOT COMPATIBLE WITH OLD VERSION
16
Aleš Komárekac2c0fb2017-04-11 10:14:46 +020017Sample Pillars
18==============
19
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010020General pillar structure
21------------------------
22
Aleš Komárekac2c0fb2017-04-11 10:14:46 +020023.. code-block:: yaml
Michael Kutýe554d792014-04-12 21:54:46 +020024
# Schematic of the pillar layout, not a loadable example: "filename",
# "input_name", "filter_name", "match_name" and "params" are placeholders.
# Under "label", each entry (shown as "filename") appears to carry its own
# input/filter/match sections; the top-level input/filter/match sections are
# keyed first by "filename" and then by plugin name.
# NOTE(review): "filename" presumably names the generated config file --
# confirm against the formula's templates.
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010025 fluentd:
Oleksii Molchanov3243e332022-02-14 17:38:49 +020026 agent:
27 config:
28 label:
29 filename:
30 input:
31 input_name:
32 params
33 filter:
34 filter_name:
35 params
36 filter_name2:
37 params
38 match:
39 match_name:
40 params
41 input:
42 filename:
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010043 input_name:
44 params
Oleksii Molchanov3243e332022-02-14 17:38:49 +020045 input_name2:
46 params
47 filename2:
48 input_name3:
49 params
50 filter:
51 filename:
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010052 filter_name:
53 params
54 filter_name2:
55 params
Oleksii Molchanov3243e332022-02-14 17:38:49 +020056 filename2:
57 filter_name3:
58 params
59 match:
60 filename:
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010061 match_name:
62 params
Michael Kutýe554d792014-04-12 21:54:46 +020063
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010064Example pillar
65--------------
66.. code-block:: yaml
Michael Kutýe554d792014-04-12 21:54:46 +020067
# Example agent pillar: four workers, with the "elasticsearch_output" label
# pinned to worker 0. Its single match takes every tag routed to the label
# ("**") and ships it to Elasticsearch at 10.100.0.1:9200.
# NOTE(review): no credential or TLS-related keys appear in this output, so
# transport security depends on plugin defaults and the network path --
# confirm both before reusing this outside a lab.
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +010068 fluentd:
69 enabled: true
Oleksii Molchanov3243e332022-02-14 17:38:49 +020070 agent:
71 multiworker:
72 worker_count: 4
73 config:
74 label:
75 elasticsearch_output:
76 worker: 0
77 match:
78 elasticsearch_output:
79 tag: "**"
80 type: elasticsearch
81 host: 10.100.0.1
82 port: 9200
83 buffer:
84 flush_thread_count: 8
Oleksii Molchanov93220872023-01-31 19:26:56 +020085 reload_connections: false
# "monitoring" label (workers 0-2): parses the "log" field of the listed
# docker.monitoring.* tags into time/severity/message, removes the raw "log"
# key, then writes docker.** events to a file.
Oleksii Molchanov3243e332022-02-14 17:38:49 +020086 monitoring:
87 worker: '0-2'
88 filter:
89 parse_log:
90 tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
91 type: parser
# reserve_data keeps the record's other fields next to the parsed ones.
92 reserve_data: true
93 key_name: log
94 parser:
95 type: regexp
96 format: >-
97 /^time="(?<time>[^ ]*)" level=(?<severity>[a-zA-Z]*) msg="(?<message>.+?)"/
98 time_format: '%FT%TZ'
99 remove_log_key:
100 tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
101 type: record_transformer
102 remove_keys: log
103 match:
104 docker_log:
105 tag: 'docker.**'
106 type: file
# /tmp is normally shared and world-writable, and container logs often carry
# tokens or personal data. For real deployments point this at a directory
# owned by the agent user with restrictive permissions.
107 path: /tmp/flow-docker.log
# "grok_example" label: tails /var/log/test under the tag test.test and
# parses it with a single grok rule. KEYSTONEACCESS is not defined on this
# page; presumably it comes from the custom_pattern_path file -- confirm that
# file is deployed and writable only by trusted users.
108 grok_example:
109 input:
110 test_log:
111 type: tail
112 path: /var/log/test
113 tag: test.test
114 parser:
115 type: grok
116 custom_pattern_path: /etc/td-agent/config.d/global.grok
117 rule:
118 - pattern: >-
119 %{KEYSTONEACCESS}
# "syslog" label: derives a severity from the syslog priority, counts
# messages for Prometheus, retags events by their "ident" field and writes
# the result to a file.
120 syslog:
121 filter:
122 add_severity:
123 tag: 'syslog.*'
124 type: record_transformer
# enable_ruby lets record_transformer evaluate the values below as Ruby in
# the agent process, so the pillar data that supplies these expressions must
# come from a trusted source and be reviewed like code.
125 enable_ruby: true
126 record:
127 - name: severity
# pri - floor(pri / 8) * 8 is pri modulo 8, i.e. the severity part of the
# syslog priority value.
128 value: 'record["pri"].to_i - (record["pri"].to_i / 8).floor * 8'
129 severity_to_string:
130 tag: 'syslog.*'
131 type: record_transformer
132 enable_ruby: true
133 record:
134 - name: severity
# Hash#key is a reverse lookup: numeric severity -> severity name.
135 value: '{"debug"=>7,"info"=>6,"notice"=>5,"warning"=>4,"error"=>3,"critical"=>2,"alert"=>1,"emerg"=>0}.key(record["severity"])'
136 severity_for_telegraf:
137 tag: 'syslog.*.telegraf'
138 type: parser
139 reserve_data: true
140 key_name: message
141 parser:
142 type: regexp
143 format: >-
144 /^(?<time>[^ ]*) (?<severity>[A-Z])! (?<message>.*)/
145 time_format: '%FT%TZ'
146 severity_for_telegraf_string:
147 tag: 'syslog.*.telegraf'
148 type: record_transformer
149 enable_ruby: true
150 record:
151 - name: severity
# Reverse lookup from the one-letter level captured above. "error" and
# "emerg" both map to "E" and Hash#key returns the first match, so "E" always
# becomes "error".
152 value: '{"debug"=>"D","info"=>"I","notice"=>"N","warning"=>"W","error"=>"E","critical"=>"C","alert"=>"A","emerg"=>"E"}.key(record["severity"])'
153 prometheus_metric:
154 tag: 'syslog.*.*'
155 type: prometheus
# Label values are read from record fields, so the number of time series
# follows whatever ident/severity values appear in the logs.
156 label:
157 - name: ident
158 type: variable
159 value: ident
160 - name: severity
161 type: variable
162 value: severity
163 metric:
164 - name: log_messages
165 type: counter
166 desc: The total number of log messages.
167 match:
168 rewrite_tag_key:
169 tag: 'syslog.*'
170 type: rewrite_tag_filter
# Appends the whole "ident" field to the existing tag (__TAG__.<ident>).
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +0100171 rule:
Oleksii Molchanov3243e332022-02-14 17:38:49 +0200172 - name: ident
173 regexp: '^(.*)'
174 result: '__TAG__.$1'
175 syslog_log:
176 tag: 'syslog.*.*'
177 type: file
# The tail inputs on this page that use "label: syslog" read /var/log/syslog
# and /var/log/auth.log, so this file receives system and authentication log
# content. /tmp is normally shared and world-writable; use a directory
# restricted to the agent user in real deployments.
178 path: /tmp/syslog
# Top-level inputs: two tail sources routed to the "syslog" label, three
# Prometheus plugin inputs, and a forward listener.
179 input:
180 syslog:
181 syslog_log:
182 type: tail
183 label: syslog
184 path: /var/log/syslog
185 tag: syslog.syslog
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +0100186 parser:
187 type: regexp
# NOTE(review): the regexp below is wrapped in single quotes inside a folded
# scalar, so the quotes are part of the value, unlike the unquoted format
# values used by the label filters on this page -- confirm this is intended.
# It captures pri, time, host, ident, an optional pid and message.
188 format: >-
Oleksii Molchanov3243e332022-02-14 17:38:49 +0200189 '/^\<(?<pri>[0-9]+)\>(?<time>[^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/'
190 time_format: '%FT%T.%L%:z'
191 auth_log:
192 type: tail
193 label: syslog
# Tailing auth.log means the agent needs read access to authentication logs;
# every output and metric fed from the "syslog" label inherits that
# sensitivity.
194 path: /var/log/auth.log
195 tag: syslog.auth
196 parser:
197 type: regexp
198 format: >-
199 '/^\<(?<pri>[0-9]+)\>(?<time>[^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/'
200 time_format: '%FT%T.%L%:z'
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +0100201 prometheus:
Oleksii Molchanov3243e332022-02-14 17:38:49 +0200202 prometheus:
203 type: prometheus
204 prometheus_monitor:
205 type: prometheus_monitor
206 prometheus_output_monitor:
207 type: prometheus_output_monitor
208 forward:
209 forward_listen:
210 type: forward
211 port: 24224
# 0.0.0.0 accepts forward-protocol connections on every interface, and this
# example sets no authentication or TLS options for the listener. Bind to a
# specific address or firewall port 24224 unless remote senders are required.
212 bind: 0.0.0.0
# Top-level match: hands the three listed docker.monitoring.* tag families to
# the "monitoring" label via the relabel output.
213 match:
Bartosz Kupiduraaefd0392017-11-06 09:27:40 +0100214 docker_monitoring:
215 tag: 'docker.monitoring.{alertmanager,remote_storage_adapter,prometheus}.*'
216 type: relabel
217 label: monitoring
217 label: monitoring