fluent.conf

# This source tails the logs that are created by the Docker json-file logging driver
<source>
  @type tail
  tag reemoveme.ecs.*
  path /var/lib/docker/containers/*/*-json.log
  pos_file fluentd-docker.pos
  format json
  refresh_interval 10s
  time_key time
  time_format %Y-%m-%dT%H:%M:%S
</source>

# This matches the removeme tag to dectect exceptions.
<match reemoveme.**>
  @type detect_exceptions
  remove_tag_prefix reemoveme
  message log
  languages all
  multiline_flush_interval 0.1
</match>

#This makes use of the ECS Metadata plugin to enrich records with ECS metadata
<filter **>
  @type ecs_metadata
</filter>

#This match updates the tag to include all ECS metadata for routing 
<match ecs.**>
  @type record_reformer
  tag ${record['ecs']}
</match>

#This copies the FluentD field log over to "message" field for the Kibana Discover page at Logzio
<match ecs.**>
  @type record_reformer
  renew_record false
  enable_ruby false
  tag logcopy
  <record>
    message ${log}
  </record>
</match>

#This drops unnecessary keys (just log in this example, but could be extended to others)
<match logcopy>
  @type record_reformer
  remove_keys log
  renew_record false
  enable_ruby false
  tag final
</match>

#This is for sending to a file for testing prior to sending to Logz.io
<match **>
      @type logzio_buffered
      endpoint_url "#{ENV['LOGZ_IO_URL_1']}"
      output_include_time true
      output_include_tags true
      buffer_type    file
      buffer_path    /tmp/logsz_buffer
      flush_interval 1s
      buffer_chunk_limit 1m   # Logz.io has bulk limit of 10M. We recommend set this to 1M, to avoid oversized bulks
</match>

#This is for sending to a file for testing prior to sending to Logz.io
#<match **>
#  @type file
#  path /tmp/test0
#  time_slice_format %Y%m%d
#  time_slice_wait 10m
#  time_format %Y%m%dT%H%M%S%z
#  utc
#</match>