Fluentd
1.0
Search…
⌃K

Routing Examples

This article shows configuration samples for typical routing scenarios.

Simple: Input -> Filter -> Output

<source>
@type forward
</source>
<filter app.**>
@type record_transformer
<record>
hostname "#{Socket.gethostname}"
</record>
</filter>
<match app.**>
@type file
# ...
</match>

Two Inputs: forward and tail

<source>
@type forward
</source>
<source>
@type tail
tag system.logs
# ...
</source>
<filter app.**>
@type record_transformer
<record>
hostname "#{Socket.gethostname}"
</record>
</filter>
<match {app.**,system.logs}>
@type file
# ...
</match>
If you want to separate the data pipelines for each source, use Label.

With Label: Input -> Filter -> Output

Label reduces complex tag handling by separating data pipelines.
<source>
@type forward
</source>
<source>
@type dstat
@label @METRICS # dstat events are routed to <label @METRICS>
# ...
</source>
<filter app.**>
@type record_transformer
<record>
# ...
</record>
</filter>
<match app.**>
@type file
# ...
</match>
<label @METRICS>
<match **>
@type elasticsearch
# ...
</match>
</label>

Reroute Event by Tag

Use fluent-plugin-route plugin. This plugin rewrites tag and re-emit events to other match or Label.
<match worker.**>
@type route
remove_tag_prefix worker
add_tag_prefix metrics.event
<route **>
copy # For fall-through. Without copy, routing is stopped here.
</route>
<route **>
copy
@label @BACKUP
</route>
</match>
<match metrics.event.**>
@type stdout
</match>
<label @BACKUP>
<match metrics.event.**>
@type file
path /var/log/fluent/backup
</match>
</label>

Re-route Event by Record Content

<source>
@type forward
</source>
# event example: app.logs {"message":"[info]: ..."}
<match app.**>
@type rewrite_tag_filter
<rule>
key message
pattern ^\[(\w+)\]
tag $1.${tag}
</rule>
# more rules
</match>
# send mail when receives alert level logs
<match alert.app.**>
@type mail
# ...
</match>
# other logs are stored into a file
<match *.app.**>
@type file
# ...
</match>

Re-route Event to Other Label

Use out_relabel plugin. This plugin simply emits events to Label without rewriting the tag.
<source>
@type forward
</source>
<match app.**>
@type copy
<store>
@type forward
# ...
</store>
<store>
@type relabel
@label @NOTIFICATION
</store>
</match>
<label @NOTIFICATION>
<filter app.**>
@type grep
regexp1 message ERROR
</filter>
<match app.**>
@type mail
</match>
</label>
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Previous
Config File Syntax (YAML)
Next
Config: Common Parameters
Last modified 1yr ago