Fluent-plugin-ignore-filter
Fluentd filter plugin to ignore messages.
Requirements
fluent-plugin-ignore-filter | fluentd | ruby |
---|---|---|
>= 2.0.0 | >= v0.14.0 | >= 2.2 |
< 1.2.0 | >= v0.12.0 | >= 1.9 |
Installation
# for fluentd
$ gem install fluent-plugin-ignore-filter
# for td-agent2
$ sudo td-agent-gem install fluent-plugin-ignore-filter
Usage
Example 1:
<filter alert.messages.**>
@type ignore
regexp1 level info
</filter>
<filter alert.messages.**>
@type ignore
regexp1 server_name ^dev
</filter>
<filter alert.messages.**>
@type ignore
regexp1 level warning|warn
regexp2 ident kernel
</filter>
Assuming the following inputs arrive:
alert.messages: {"level":"info","ident":"kernel","server_name":"prod-web","message":"some info"}
alert.messages: {"level":"warn","ident":"kernel","server_name":"prod-web","message":"failed to do something"}
alert.messages: {"level":"error","ident":"kernel","server_name":"prod-web","message":"I/O error"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}
alert.messages: {"level":"error","ident":"sudo","server_name":"prod-web","message":"conversation failed"}
alert.messages: {"level":"error","ident":"sudo","server_name":"dev-web","message":"conversation failed"}
then the output becomes as follows:
alert.messages: {"level":"error","ident":"kernel","server_name":"prod-web","message":"I/O error"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}
alert.messages: {"level":"error","ident":"sudo","server_name":"prod-web","message":"conversation failed"}
Example 2:
<filter alert.messages.**>
@type ignore
regexp1 level info|notice
exclude1 ident crmd
</filter>
<filter alert.messages.**>
@type ignore
regexp1 level info|notice
regexp2 ident crmd
exclude1 message process_lrm_event
</filter>
Assuming the following inputs arrive:
alert.messages: {"level":"info","ident":"kernel","server_name":"prod-web","message":"some info"}
alert.messages: {"level":"info","ident":"crmd","server_name":"prod-web","message":"process_lrm_event: Operation rundeck_monitor_0: not running"}
alert.messages: {"level":"info","ident":"crmd","server_name":"prod-web","message":"Performing"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}
then the output becomes as follows:
alert.messages: {"level":"info","ident":"crmd","server_name":"prod-web","message":"process_lrm_event: Operation rundeck_monitor_0: not running"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}
Parameters
- regexp[1-20] field_key regexp
  The field key to test and the regular expression that causes a matching record to be ignored.
- exclude[1-20] field_key regexp
  The field key to test and the regular expression that excludes a matching record from being ignored.
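
The two usage examples imply that, inside one filter block, a record is dropped when every regexpN matches and no excludeN matches. The following Ruby model is an added example, not the plugin's own code: it replays the Example 2 inputs plus one constructed sshd record through that assumed logic and reports which filter dropped each record, a check worth running before deploying ignore rules on a log pipeline. The `Rule` struct, `dry_run`, and the labels `filter1`/`filter2` are hypothetical names.

```ruby
# Added illustration: a stand-alone model of the drop logic implied by the
# README examples. It is not the plugin's source code.
# Assumptions: inside one <filter>, a record is dropped when every regexpN
# matches its field and no excludeN matches; a missing field never matches;
# a rule without any regexpN drops nothing.
Rule = Struct.new(:name, :regexps, :excludes) do
  def drops?(record)
    return false if regexps.empty?
    hit = ->(key, re) { record.key?(key) && re.match?(record[key].to_s) }
    regexps.all? { |k, re| hit.(k, re) } && excludes.none? { |k, re| hit.(k, re) }
  end
end

# Returns [kept, dropped]; dropped pairs each record with the first rule that removed it.
def dry_run(rules, records)
  kept, dropped = [], []
  records.each do |rec|
    rule = rules.find { |r| r.drops?(rec) }
    rule ? dropped << [rule.name, rec] : kept << rec
  end
  [kept, dropped]
end

# The two <filter> blocks of Example 2 (filter1/filter2 are hypothetical labels).
EXAMPLE2_RULES = [
  Rule.new("filter1", { "level" => /info|notice/ }, { "ident" => /crmd/ }),
  Rule.new("filter2", { "level" => /info|notice/, "ident" => /crmd/ },
           { "message" => /process_lrm_event/ }),
].freeze

# Example 2 inputs from the README, plus one constructed sshd record (last entry).
SAMPLE_RECORDS = [
  { "level" => "info", "ident" => "kernel",  "server_name" => "prod-web", "message" => "some info" },
  { "level" => "info", "ident" => "crmd",    "server_name" => "prod-web",
    "message" => "process_lrm_event: Operation rundeck_monitor_0: not running" },
  { "level" => "info", "ident" => "crmd",    "server_name" => "prod-web", "message" => "Performing" },
  { "level" => "warn", "ident" => "chronyd", "server_name" => "prod-web", "message" => "System clock wrong" },
  { "level" => "info", "ident" => "sshd",    "server_name" => "prod-web",
    "message" => "Accepted publickey for deploy" }, # constructed
].freeze

if __FILE__ == $PROGRAM_NAME
  kept, dropped = dry_run(EXAMPLE2_RULES, SAMPLE_RECORDS)
  dropped.each { |name, rec| puts "DROP by #{name}: #{rec['ident']} #{rec['message']}" }
  kept.each    { |rec| puts "KEEP: #{rec['ident']} #{rec['message']}" }
end
```

Under these rules every info or notice record from an ident other than crmd, including the constructed sshd line, is dropped by filter1, so review the dropped list for events you need to retain.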
TODO
- patches welcome!
Contributing
- Fork it ( https://github.com/bungoume/fluent-plugin-ignore-filter/fork )
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Add some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create a new Pull Request
Copyright
Copyright (c) 2015 Yuri Umezaki
Thanks to
https://github.com/sonots/fluent-plugin-grep
License
Apache License, Version 2.0