-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathgrok_parser.conf
43 lines (36 loc) · 1022 Bytes
/
grok_parser.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#Tail arbitrary log file and parse using grok pattern
#Install the required plugin: fluent-gem install fluent-plugin-grok-parser
<source>
@type tail
<parse>
@type grok
<grok>
pattern %{SYSLOGTIMESTAMP:timestamp} %{LOGLEVEL:loglevel}: %{GREEDYDATA:message}
</grok>
</parse>
path /var/log/customapp.log
pos_file /var/log/customapp.pos
path_key filename
tag custom.application
</source>
# Drop events with custom.application tag where loglevel field contains "debug" or "info" (case-insensitive match)
<filter custom.application>
@type grep
<exclude>
key loglevel
pattern /debug|info/i
</exclude>
</filter>
#Add hostname and tag fields to all events ("records") with a Fluentd tag of custom.application
<filter custom.application>
@type record_transformer
<record>
hostname "#{Socket.gethostname}"
tag ${tag}
</record>
</filter>
#Write custom.application events to New Relic
<match custom.application>
@type newrelic
api_key <YOUR INSERT KEY>
</match>