Any example on how to use the grok parser in a filter? #23
Comments
|
It works with following configuration with Fluentd v0.12.29 included filter parser plugin. And fluent-plugin-parser does not support Fluentd v0.14 for now. <source>
@type dummy
tag dummy.log
dummy [
{ "message": "Oct 24 09:01:33 mymachine uim-toolbar[5831]: Theme parsing error: <data>:2:30: The style property GtkWidget:focus-line-width is deprecated and shouldn't be used anymore. It will be removed in a future version" },
{ "message": "Oct 24 09:01:33 mymachine uim-toolbar[5831]: Theme parsing error: <data>:3:27: The style property GtkWidget:focus-padding is deprecated and shouldn't be used anymore. It will be removed in a future version" },
{ "message": "Oct 24 09:01:33 mymachine uim-toolbar[5831]: Theme parsing error: <data>:2:30: The style property GtkWidget:focus-line-width is deprecated and shouldn't be used anymore. It will be removed in a future version" }
]
</source>
<filter **>
@type parser
key_name message
format grok
grok_pattern %{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host} %{SYSLOGPROG}: %{GREEDYDATA:message}
</filter>
<match **>
@type stdout
</match> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am trying to use the grok parser in a filter but seem to be stuck on how to use it. My goal is to enrich the records with fields that are in the log message. Any example on how this can be used?
See http://stackoverflow.com/questions/40282762/using-grok-parser-in-fluentd
The text was updated successfully, but these errors were encountered: