Fluentd
Search…
Routing Examples
This article shows configuration samples for typical routing scenarios.
Simple: Input -> Filter -> Output
Input -> Filter -> Output1
<source>
2
@type forward
3
</source>
4
​
5
<filter app.**>
6
@type record_transformer
7
<record>
8
hostname "#{Socket.gethostname}"
9
</record>
10
</filter>
11
​
12
<match app.**>
13
@type file
14
# ...
15
</match>
Copied!
Two Inputs: forward and tail
forward and tail1
<source>
2
@type forward
3
</source>
4
​
5
<source>
6
@type tail
7
tag system.logs
8
# ...
9
</source>
10
​
11
<filter app.**>
12
@type record_transformer
13
<record>
14
hostname "#{Socket.gethostname}"
15
</record>
16
</filter>
17
​
18
<match {app.**,system.logs}>
19
@type file
20
# ...
21
</match>
Copied!
If you want to separate the data pipelines for each source, use Label.
With Label: Input -> Filter -> Output
Input -> Filter -> OutputLabel reduces complex
tag handling by separating data pipelines.1
<source>
2
@type forward
3
</source>
4
​
5
<source>
6
@type dstat
7
@label @METRICS # dstat events are routed to <label @METRICS>
8
# ...
9
</source>
10
​
11
<filter app.**>
12
@type record_transformer
13
<record>
14
# ...
15
</record>
16
</filter>
17
​
18
<match app.**>
19
@type file
20
# ...
21
</match>
22
​
23
<label @METRICS>
24
<match **>
25
@type elasticsearch
26
# ...
27
</match>
28
</label>
Copied!
Reroute Event by Tag
Use fluent-plugin-route plugin. This plugin rewrites
tag and re-emit events to other match or Label.1
<match worker.**>
2
@type route
3
remove_tag_prefix worker
4
add_tag_prefix metrics.event
5
​
6
<route **>
7
copy # For fall-through. Without copy, routing is stopped here.
8
</route>
9
<route **>
10
copy
11
@label @BACKUP
12
</route>
13
</match>
14
​
15
<match metrics.event.**>
16
@type stdout
17
</match>
18
​
19
<label @BACKUP>
20
<match metrics.event.**>
21
@type file
22
path /var/log/fluent/backup
23
</match>
24
</label>
Copied!
Re-route Event by Record Content
1
<source>
2
@type forward
3
</source>
4
​
5
# event example: app.logs {"message":"[info]: ..."}
6
<match app.**>
7
@type rewrite_tag_filter
8
<rule>
9
key message
10
pattern ^\[(\w+)\]
11
tag $1.${tag}
12
</rule>
13
# more rules
14
</match>
15
​
16
# send mail when receives alert level logs
17
<match alert.app.**>
18
@type mail
19
# ...
20
</match>
21
​
22
# other logs are stored into a file
23
<match *.app.**>
24
@type file
25
# ...
26
</match>
Copied!
Re-route Event to Other Label
1
<source>
2
@type forward
3
</source>
4
​
5
<match app.**>
6
@type copy
7
<store>
8
@type forward
9
# ...
10
</store>
11
<store>
12
@type relabel
13
@label @NOTIFICATION
14
</store>
15
</match>
16
​
17
<label @NOTIFICATION>
18
<filter app.**>
19
@type grep
20
regexp1 message ERROR
21
</filter>
22
​
23
<match app.**>
24
@type mail
25
</match>
26
</label>
Copied!
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last modified 11mo ago