Fluentd
Fluentd
Introduction
Overview
Installation
Configuration
Config File Syntax
Routing Examples
Config: Common Parameters
Config: Parse Section
Config: Buffer Section
Config: Format Section
Config: Extract Section
Config: Inject Section
Config: Transport Section
Config: Storage Section
Config: Service Discovery Section
Deployment
Container Deployment
Monitoring Fluentd
Input Plugins
Output Plugins
Filter Plugins
Parser Plugins
Formatter Plugins
Buffer Plugins
Storage Plugins
Service Discovery Plugins
How-to Guides
Language Bindings
Plugin Development
Plugin Helper API
Troubleshooting Guide
Powered by GitBook

Routing Examples

This article shows configuration samples for typical routing scenarios.

Simple: Input -> Filter -> Output

<source>
  @type forward
</source>
​
<filter app.**>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
  </record>
</filter>
​
<match app.**>
  @type file
  # ...
</match>

Two Inputs: forward and tail

<source>
  @type forward
</source>
​
<source>
  @type tail
  tag system.logs
  # ...
</source>
​
<filter app.**>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
  </record>
</filter>
​
<match {app.**,system.logs}>
  @type file
  # ...
</match>

If you want to separate the data pipelines for each source, use Label.

With Label: Input -> Filter -> Output

Label reduces complex tag handling by separating data pipelines.

<source>
  @type forward
</source>
​
<source>
  @type dstat
  @label @METRICS # dstat events are routed to <label @METRICS>
  # ...
</source>
​
<filter app.**>
  @type record_transformer
  <record>
    # ...
  </record>
</filter>
​
<match app.**>
  @type file
  # ...
</match>
​
<label @METRICS>
  <match **>
    @type elasticsearch
    # ...
  </match>
</label>

Reroute Event by Tag

Use fluent-plugin-route plugin. This plugin rewrites tag and re-emit events to other match or Label.

<match worker.**>
  @type route
  remove_tag_prefix worker
  add_tag_prefix metrics.event
​
  <route **>
    copy # For fall-through. Without copy, routing is stopped here. 
  </route>
  <route **>
    copy
    @label @BACKUP
  </route>
</match>
​
<match metrics.event.**>
  @type stdout
</match>
​
<label @BACKUP>
  <match metrics.event.**>
    @type file
    path /var/log/fluent/backup
  </match>
</label>

Re-route Event by Record Content

Use fluent-plugin-rewrite-tag-filter.

<source>
  @type forward
</source>
​
# event example: app.logs {"message":"[info]: ..."}
<match app.**>
  @type rewrite_tag_filter
  <rule>
    key message
    pattern ^\[(\w+)\]
    tag $1.${tag}
  </rule>
  # more rules
</match>
​
# send mail when receives alert level logs
<match alert.app.**>
  @type mail
  # ...
</match>
​
# other logs are stored into a file
<match *.app.**>
  @type file
  # ...
</match>

See also: out_rewrite_tag_filter​

Re-route Event to Other Label

Use out_relabel plugin. This plugin simply emits events to Label without rewriting the tag.

<source>
  @type forward
</source>
​
<match app.**>
  @type copy
  <store>
    @type forward
    # ...
  </store>
  <store>
    @type relabel
    @label @NOTIFICATION
  </store>
</match>
​
<label @NOTIFICATION>
  <filter app.**>
    @type grep
    regexp1 message ERROR
  </filter>
​
  <match app.**>
    @type mail
  </match>
</label>

If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.

Previous
Config File Syntax
Next
Config: Common Parameters
Last updated 2 months ago
Contents
Simple: Input -> Filter -> Output
Two Inputs: forward and tail
With Label: Input -> Filter -> Output
Reroute Event by Tag
Re-route Event by Record Content
Re-route Event to Other Label