fluent-bit-go-loki
fluent-bit-go-loki copied to clipboard
Published
20 hours ago •
cosmo0920
cosmo0920
Parsed log fields are ignored
Problem
Parsed log fields are ignored, and raw logs are written instead.
Steps to replicate
I have the following fluentbit configuration:
[SERVICE]
Flush 1
Daemon Off
Log_Level warning
HTTP_Server true
Parsers_File fluentbit/conf/parsers.conf
[INPUT]
Name tail
Tag logfiles.data
Path /var/log/auth.log
Path_Key path
Key_Name log
Parser auth
[OUTPUT]
Name stdout
Match *
[OUTPUT]
Name Loki
Match *
Url http://loki:3100/api/prom/push
Contents of fluentbit/conf/parsers.conf:
[PARSER]
Name auth
Format regex
Regex ^(?<time>[^ ]* \d{2} \d{2}:\d{2}:\d{2}) (?<host>[\S]*) (?<program>[^\[\] ]*)(\[(?<pid>\d*)\])?: (?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
Time_Keep true
Contents of /var/log/auth.log:
Aug 22 13:26:45 plutonium systemd-logind[814]: Removed session 6422.
Expected Behavior or What you need to ask
I expected loki to store the stringified parsed data, similar to what stdout gives:
- stdout:
logfiles.data: [1566480405.000000000, {"path"=>"/var/log/auth.log", "time"=>"Aug 22 13:26:45", "host"=>"plutonium", "program"=>"systemd-logind", "pid"=>"814", "message"=>"Removed session 6422."}]
- loki:
{"log":"Aug 22 13:26:05 plutonium systemd-logind[814]: Removed session 6422.","path":"/var/log/auth.log"}
Other outputs, behave like this:
- http:
[{u'pid': u'814', u'host': u'plutonium', u'program': u'systemd-logind', u'time': u'Aug 22 13:26:45', u'date': 1566480405.0, u'path': u'/var/log/auth.log', u'message': u'Removed session 6422.'}]
- file:
logfiles.data: [1566480405.000000, {"path":"/var/log/auth.log", "time":"Aug 22 13:26:45", "host":"plutonium", "program":"systemd-logind", "pid":"814", "message":"Removed session 6422."}]
Using Fluentd and loki plugin versions
- OS version
Ubuntu 16.04.6 LTS
- Bare Metal or within Docker or Kubernetes or others?
Within docker, started with, command:
/fluent-bit/bin/fluent-bit -c /fluent-bit/etc/fluent-bit-loki.conf -e /usr/lib/x86_64-linux-gnu/out_loki.so
And these folder binds:
"/fluentbit/conf/fluent-bit.conf:/fluent-bit/etc/fluent-bit-loki.conf:rw",
"/fluentbit/conf/:/fluentbit/conf/:rw",
"/var/log/:/var/log/:rw"
- fluent-bit version
Fluent Bit v1.1.3
- fluent-bit-go-loki version
Fluent Bit v1.1.3
Copyright (C) Treasure Data
level=info caller=out_loki.go:86 [flb-go]="Starting fluent-bit-go-loki" version="(version=0.2.0, branch=master, revision=5b25616)"
level=info caller=out_loki.go:87 [flb-go]="provided parameter" URL=http://loki:3100/api/prom/push
level=info caller=out_loki.go:88 [flb-go]="provided parameter" BatchWait=
level=info caller=out_loki.go:89 [flb-go]="provided parameter" BatchSize=
level=info caller=out_loki.go:90 [flb-go]="provided parameter" Labels=
level=info caller=out_loki.go:91 [flb-go]="provided parameter" LogLevel=
level=info caller=out_loki.go:92 [flb-go]="provided parameter" RemoveKeys=
- Grafana and Loki version
Grafana v6.4.0-pre (299a0e2)
loki_build_info{branch="master",goversion="go1.11.4",revision="481906c4",version="master-481906c"} 1.0
This fluent-bit-go-loki plugin is merged into loki upstream. Could you test it instead? https://github.com/grafana/loki/tree/master/cmd/fluent-bit
