• syslog フォーマットが便利

syslog Parser Plugin | Fluentd

送り側

# config for /var/log/messages
# Tail /var/log/messages, parse each line with the syslog parser, and emit the
# resulting records under the tag syslog.messages.
# NOTE(review): system logs can contain sensitive details (user names, internal
# host names, service errors). Every line read here is handed to the match
# sections for this tag, so confirm the whole file is meant to leave the host.
<source>
  @type tail
  format syslog
  path /var/log/messages
  # Position file: records how far the log has been read so that a restart
  # resumes from that point.
  pos_file /var/log/td-agent/pos/var.log.messages.pos
  # When no position has been recorded yet, start from the beginning of the
  # file instead of only picking up newly appended lines.
  read_from_head true
  tag syslog.messages
</source>

# Add a hostname field to every syslog.messages record so the originating
# server can still be told apart once records from several hosts are merged.
# NOTE(review): the value is filled in by the sending host itself. The forward
# output in this file configures no authentication, so a receiver cannot verify
# the field; treat it as a hint, not proof of origin, when investigating.
<filter syslog.messages>
  @type record_transformer
  <record>
    hostname ${hostname}
  </record>
</filter>

{% if server_role != "aggregate" %}
# Rendered only when server_role is not "aggregate": ship the tagged records
# to the aggregation server with the forward output.
# No port is set, so the forward plugin's default port (24224) is used.
# NOTE(review): as written, no TLS and no shared-key authentication are
# configured, so records cross the network in clear text and the receiver
# accepts whatever reaches its forward port. Fluentd v1 out_forward offers
# "transport tls" and a <security> section (shared_key / self_hostname); older
# td-agent releases relied on the separate secure_forward plugin. Confirm which
# applies here, and limit the receiver's forward port to the sender hosts.
<match syslog.messages>
  @type forward
  <server>
    name back
    # Destination comes from the back_hostname template variable.
    host {{ back_hostname }}
  </server>
  # File buffer: chunks are spooled to disk until they are delivered.
  # The spool holds raw log records, so keep this directory readable only by
  # the account that runs td-agent.
  buffer_type file
  buffer_path /var/log/td-agent/buffer/syslog.messages
</match>
{% endif %}

受け側

{% if server_role == "aggregate" %}
# config for /var/log/messages
# Rendered only when server_role is "aggregate": write syslog.messages records
# to Elasticsearch.
# NOTE(review): nothing in this snippet accepts forwarded records; presumably a
# forward <source> is defined elsewhere on the aggregation server - confirm,
# and check which hosts are allowed to connect to it.
<match syslog.messages>
  # copy duplicates records to every <store>; only one store is defined here.
  @type copy
  <store>
    @type elasticsearch
    # Logstash-style daily indices named from the prefix, i.e.
    # syslog.messages-YYYY.MM.DD with the plugin's default date format.
    logstash_format true
    logstash_prefix syslog.messages
    include_timestamp true
    # NOTE(review): no scheme, user or password is set, so the plugin defaults
    # apply - presumably plain HTTP without credentials. If port 9200 is
    # reachable from anything other than trusted hosts, switch to
    # "scheme https", set user/password, and verify the server certificate.
    hosts {{ back_hostname }}
    port 9200
    # File buffer holding raw log records on disk until they are indexed.
    buffer_type file
    buffer_path /var/log/td-agent/buffer/syslog.messages.back
    # 128 chunks of 128k each caps the spool at roughly 16 MiB.
    # NOTE(review): check what happens once the queue is full, so that a burst
    # or an Elasticsearch outage does not silently lose log data.
    buffer_chunk_limit 128k
    buffer_queue_limit 128
  </store>
</match>
{% endif %}
