Routing Examples

This article shows configuration samples for typical routing scenarios.
Simple: Input -> Filter -> Output
<source>
  @type forward
</source>
​
<filter app.**>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
  </record>
</filter>
​
<match app.**>
  @type file
  # ...
</match>
Two Inputs: forward and tail
<source>
  @type forward
</source>
​
<source>
  @type tail
  tag system.logs
  # ...
</source>
​
<filter app.**>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
  </record>
</filter>
​
<match {app.**,system.logs}>
  @type file
  # ...
</match>
If you want to separate the data pipelines for each source, use Label.
With Label: Input -> Filter -> Output
Label reduces complex tag handling by separating data pipelines.
<source>
  @type forward
</source>
​
<source>
  @type dstat
  @label @METRICS # dstat events are routed to <label @METRICS>
  # ...
</source>
​
<filter app.**>
  @type record_transformer
  <record>
    # ...
  </record>
</filter>
​
<match app.**>
  @type file
  # ...
</match>
​
<label @METRICS>
  <match **>
    @type elasticsearch
    # ...
  </match>
</label>
Reroute Event by Tag
Use fluent-plugin-route plugin. This plugin rewrites tag and re-emit events to other match or Label.
<match worker.**>
  @type route
  remove_tag_prefix worker
  add_tag_prefix metrics.event
​
  <route **>
    copy # For fall-through. Without copy, routing is stopped here. 
  </route>
  <route **>
    copy
    @label @BACKUP
  </route>
</match>
​
<match metrics.event.**>
  @type stdout
</match>
​
<label @BACKUP>
  <match metrics.event.**>
    @type file
    path /var/log/fluent/backup
  </match>
</label>
Re-route Event by Record Content
Use fluent-plugin-rewrite-tag-filter.
<source>
  @type forward
</source>
​
# event example: app.logs {"message":"[info]: ..."}
<match app.**>
  @type rewrite_tag_filter
  <rule>
    key message
    pattern ^\[(\w+)\]
    tag $1.${tag}
  </rule>
  # more rules
</match>
​
# send mail when receives alert level logs
<match alert.app.**>
  @type mail
  # ...
</match>
​
# other logs are stored into a file
<match *.app.**>
  @type file
  # ...
</match>
See also: out_rewrite_tag_filter​
Re-route Event to Other Label
Use out_relabel plugin. This plugin simply emits events to Label without rewriting the tag.
<source>
  @type forward
</source>
​
<match app.**>
  @type copy
  <store>
    @type forward
    # ...
  </store>
  <store>
    @type relabel
    @label @NOTIFICATION
  </store>
</match>
​
<label @NOTIFICATION>
  <filter app.**>
    @type grep
    regexp1 message ERROR
  </filter>
​
  <match app.**>
    @type mail
  </match>
</label>
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.

Config File Syntax (YAML)

Config: Common Parameters

Last modified 2yr ago

Routing Examples

Simple: `Input -> Filter -> Output`

Two Inputs: `forward` and `tail`

With Label: `Input -> Filter -> Output`

Reroute Event by Tag

Re-route Event by Record Content

Re-route Event to Other Label