fluent-plugin-remote_syslog icon indicating copy to clipboard operation
fluent-plugin-remote_syslog copied to clipboard

Published 20 hours ago verified publisher icon fluent-plugins-nursery

Changing source string

Open sgeffken opened this issue 5 years ago • 1 comments

I am encountering the following problem:

We are using docker swarm mit fluentd logging driver. Our logs are forwarded by remote_syslog plugin to graylog. Unfortunately, the source is always "stdout" independent of the origin host. I have tried using the "hostname" configuration, but this does not suffice as we need to set the source string from "stdout" to "my-hostname" in order to programmatically extract the source. Any recommendations our thoughts on this?

Thank you

sgeffken avatar Jun 04 '19 13:06 sgeffken

Hello,
We had the same issue. Here is the configuration of the buffer to get some attributes you can use to dynamically change the hostname and the severity

<match stdout-containers_**>
  @type remote_syslog 
  host rs-tinysyslog  
  port 514
  program myapp
  severity ${level}
  hostname ${hostname}

  <buffer hostname,level>
    chunk_limit_size    8m   # default 8m (MB)
    flush_thread_count  8
    queue_limit_length  32
    overflow_action     block
    # https://docs.fluentd.org/v/0.12/buffer/memory
    flush_interval      2s   # default 60s
    flush_at_shutdown   true # default true
  </buffer>
  <format>
    @type single_value
    message_key message
  </format>
</match>

Attributes I use needs to be listed as parameter of the buffer property

serut avatar Oct 27 '23 08:10 serut