-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathfluent-bit.conf
164 lines (133 loc) · 2.86 KB
/
fluent-bit.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# This provides prometheus metrics
[SERVICE]
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_PORT 2020
[INPUT]
Name cpu
Tag local.cpu
Interval_Sec 1
[INPUT]
Name mem
Tag local.mem
Interval_Sec 1
# This implements the heartbeat function
[INPUT]
Name dummy
Tag sys.heartbeat
Dummy {"event":{"heartbeat":"heartbeat"}}
Rate 1
# Filters are applied in order
#
# Applying the filter below it becomes,
# {
# "index" : "fluentbit_demo",
# "sourcetype" : "fluentbit-heartbeat",
# "event" : {
# "heartbeat" : "heartbeat"
# }
# }
[FILTER]
Name modify
Match sys.heartbeat
Set sourcetype fluentbit-heartbeat
Set index fluentbit_demo
# This 'nest' takes all key values pairs in a record and places them under the
# 'event' key, which is the Splunk HEC format
# Whith the filter below, this input,
#
# {
# "key1" : "value1",
# "key2" : "value2"
# }
#
# Becomes,
# {
# "event" : {
# "key1" : "value1",
# "key2" : "value2"
# }
# }
[FILTER]
Name nest
Match local.*
Operation nest
Wildcard *
Nest_under event
[FILTER]
Name modify
Match local.cpu
Add_if_not_present sourcetype cpustats
[FILTER]
Name modify
Match local.mem
Add_if_not_present sourcetype memstats
# Add defaults if none are set.
# Whith the filter below, this input,
# {
# "event" : {
# "key1" : "value1",
# "key2" : "value2"
# }
# }
# Becomes,
# {
# "index" : "fluentbit_demo",
# "sourcetype" : "json",
# "hostname" : "example.local",
# "event" : {
# "key1" : "value1",
# "key2" : "value2"
# }
# }
[FILTER]
Name modify
Match local.*
Add_if_not_present sourcetype _json
Add_if_not_present index fluentbit_demo
Add_if_not_present hostname ${HOSTNAME}
# Move items to indexed fields
# Whith the filter below, this input,
# {
# "index" : "fluentbit_demo",
# "sourcetype" : "json",
# "hostname" : "example.local",
# "event" : {
# "key1" : "value1",
# "key2" : "value2"
# }
# }
# Becomes,
# {
# "index" : "fluentbit_demo",
# "sourcetype" : "json",
# "fields" : {
# "hostname" : "example.local",
# },
# "event" : {
# "key1" : "value1",
# "key2" : "value2"
# }
# }
[FILTER]
Name nest
Match local.*
Operation nest
Wildcard hostname*
Nest_under fields
# Log to STDOUT for debugging
[OUTPUT]
Name stdout
Match *
# Forward to Splunk HEC in JSON format
[OUTPUT]
Name http
Match *
Host envoy
Port 8088
Format json_stream
URI /services/collector/event
tls Off
json_date_key time
http_user x
http_passwd 3e6ffd12-0f69-46bb-ad0d-71cffb661a0d