Fluentd
Search…
0.12
Introduction
Overview
Use Cases
Configuration
Deployment
Container Deployment
Input Plugins
Output Plugins
Buffer Plugins
Filter Plugins
Parser Plugins
Formatter Plugins
Developer
Articles
Store Apache Logs into MongoDB
Apache To Riak
Store Apache Logs into Amazon S3
Before Install
Cep Norikra
Collect Glusterfs Logs
Common Log Formats
Docker Logging Efk Compose
Docker Logging
Filter Modify Apache
Forwarding Over Ssl
Free Alternative To Splunk By Fluentd
Data Collection to Hadoop (HDFS)
Data Analytics with Treasure Data
Install By Chef
Install By Deb
Install By Dmg
Install By Gem
Install By Rpm
Install From Source
Install On Beanstalk
Install On Heroku
Java
Kinesis Stream
Kubernetes Fluentd
Monitoring Prometheus
Monitoring Rest Api
Nodejs
Performance Tuning Multi Process
Performance Tuning Single Process
Perl
Php
Python
Quickstart
Raspberrypi Cloud Data Logger
Recipe Apache Logs To Elasticsearch
Recipe Apache Logs To Mongo
Recipe Apache Logs To S3
Recipe Apache Logs To Treasure Data
Recipe Cloudstack To Mongodb
Recipe Csv To Elasticsearch
Recipe Csv To Mongo
Recipe Csv To S3
Recipe Csv To Treasure Data
Recipe Http Rest Api To Elasticsearch
Recipe Http Rest Api To Mongo
Recipe Http Rest Api To S3
Recipe Http Rest Api To Treasure Data
Recipe Json To Elasticsearch
Recipe Json To Mongo
Recipe Json To S3
Recipe Json To Treasure Data
Recipe Nginx To Elasticsearch
Recipe Nginx To Mongo
Recipe Nginx To S3
Recipe Nginx To Treasure Data
Recipe Syslog To Elasticsearch
Recipe Syslog To Mongo
Recipe Syslog To S3
Recipe Syslog To Treasure Data
Recipe Tsv To Elasticsearch
Recipe Tsv To Mongo
Recipe Tsv To S3
Recipe Tsv To Treasure Data
Ruby
Scala
Splunk Like Grep And Alert Email
Powered By GitBook
Common Log Formats
This page is a glossary of common log formats that can be parsed with the Tail input plugin.
    Apache Access Log
    Use format apache2 as shown below:
    1
    <source>
    2
    @type tail
    3
    format apache2
    4
    tag apache.access
    5
    path /var/log/apache2/access.log
    6
    </source>
    Copied!
    Apache Error Log
    Use a regular expression. See the format field in the following sample configuration.
    1
    <source>
    2
    @type tail
    3
    format /^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\] \[pid (?<pid>[^\]]*)\] \[client (?<client>[^\]]*)\] (?<message>.*)$/
    4
    tag apache.error
    5
    path /var/log/apache2/error.log
    6
    </source>
    Copied!
    Depending on your particular error log format, you may need to adjust the regular expression above. You can test your format using fluentd-ui's in_tail editor or Fluentular.
    Maillog
    Use a regular expression. See the format field in the following sample configuration.
    1
    <source>
    2
    @type tail
    3
    format /^(?<time>[^ ]+) (?<host>[^ ]+) (?<process>[^:]+): (?<message>((?<key>[^ :]+)[ :])? ?((to|from)=<(?<address>[^>]+)>)?.*)$/
    4
    tag postfix.maillog
    5
    path /var/log/maillog
    6
    </source>
    Copied!
    Nginx Access Log
    Use format nginx as shown below:
    1
    <source>
    2
    @type tail
    3
    format nginx
    4
    tag nginx.access
    5
    path /var/log/nginx/access.log
    6
    </source>
    Copied!
    Nginx Error Log
    Use the format* and multiline_flush_interval fields in the following sample configuration. Applications running under Nginx can output multi-line errors including stack traces, so the multiline mode is a good fit.
    1
    <source>
    2
    @type tail
    3
    tag nginx.error
    4
    path /var/log/nginx/error.log
    5
    ​
    6
    format multiline
    7
    format_firstline /^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[\w+\] (?<pid>\d+).(?<tid>\d+): /
    8
    format1 /^(?<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)/
    9
    multiline_flush_interval 3s
    10
    </source>
    Copied!
    If you know your error log will only contain single lines, you can use the below simpler configuration with just a format.
    1
    <source>
    2
    @type tail
    3
    format /^(?<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)$/
    4
    tag nginx.error
    5
    path /var/log/nginx/error.log
    6
    </source>
    Copied!
    GlusterFS Logs
    Use the GlusterFS input plugin.​

Do you not see what you are looking for?

Give us a shout on GitHub, Twitter or the mailing list. Better yet, we always welcome a pull request!
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is a open source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Previous
Collect Glusterfs Logs
Next
Docker Logging Efk Compose
Last modified 2yr ago
Copy link
Contents
Do you not see what you are looking for?