Parser Plugins
Fluentd has nine (9) types of plugins:
This article gives an overview of the Parser Plugin.
Overview
Sometimes, the <parse> directive for input plugins (e.g. in_tail, in_syslog, in_tcp and in_udp) cannot parse the user's custom data format (for example, a context-dependent grammar that can't be parsed with a regular expression). To address such cases, Fluentd has a pluggable system that enables the user to create their own parser formats.
How To Use
Write a custom format plugin. See here
for more information.
From any input plugin that supports the
<parse>directive, call the customplugin by its name.
Here is an example to read Nginx access logs using in_tail and parser_nginx:
Note: When td-agent is launched by systemd, the default user of the td-agent process is the td-agent user. You must ensure that this user has read permission to the tailed /path/to/file. For instance, on Ubuntu, the default Nginx access file /var/log/nginx/access.log is mode 0640 and owned by www-data:adm. In this case, several options are available to allow read access:
Add the
td-agentuser to theadmgroup, e.g. throughusermod -aG, orUse the
cap_dac_read_searchcapabilityto allow the invoking user to read the file without otherwise changing its permission bits or ownership.
List of Built-in Parsers
Third-party Parsers
If you are familiar with
grokpatterns,grok-parserplugin is useful. Use> 1.0.0versions forfluentdv0.14/v1.0.If you need to parse multiple formats in one data stream,
multi-format-parseris useful.For protocol buffers.
For Apache Avro.
List of Core Input Plugins with Parser support
Following plugins support <parse> directive:
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last updated