Project

fluent-plugin-multi-format-parser

0.23
Low commit activity in last 3 years
There's a lot of open issues
A long-lived project that still receives updates
fluent-plugin-multi-format-parserrepeatedly/fluent-plugin-multi-format-parserHomepageDocumentationSource CodeBug TrackerWiki
Multi format parser plugin for Fluentd
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
8,735,358
Stars
109
Forks
15
Watchers
5
 Releases
Current version
1.1.0
Total releases
6
First release
2014-07-10
Latest release
2023-11-29
 Issues
Open Issues
10
Closed Issues
10
Total Issues
20
Issue Closure Rate
50%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
2
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
Apache License (2.0)
Average date of last 50 commits
2018-07-28
Reverse Dependencies
2

 Dependencies

Development

rake
>= 0.9.2
test-unit
~> 3.3

Runtime

fluentd
>= 0.14.0, < 2
 Project Readme

Multi format parser plugin for Fluentd

Parse format mixed logs.

Requirements

fluent-plugin-multi-format-parser fluentd ruby
>= 1.0.0 >= v0.14.0 >= 2.1
< 1.0.0 >= v0.12.0 >= 1.9

Installation

Use RubyGems:

fluent-gem install fluent-plugin-multi-format-parser

Configuration

This plugin is a parser plugin. After installed, you can use multi_format in <parse> supported plugins. Use multiple <pattern>s to specify multiple parser formats.

<source>
  @type udp
  tag logs.multi

  <parse>
    @type multi_format
    <pattern>
      format apache
    </pattern>
    <pattern>
      format json
      time_key timestamp
    </pattern>
    <pattern>
      format none
    </pattern>
  </parse>
</source>

multi_format tries pattern matching from top to bottom and returns parsed result when matched.

Available format patterns and parameters are depends on Fluentd parsers. See parser plugin document for more details.

For v1.0

Put <pattern>s inside <parse>.

<filter app.**>
  @type parser
  key_name message
  <parse>
    @type multi_format
    <pattern>
      format json
    </pattern>
    <pattern>
      format regexp
      expression /...your regexp pattern.../
    </pattern>
    <pattern>
      format none
    </pattern>
  </parse>
</filter>

For v0.12

Use format instead of <parse></parse>.

<filter app.**>
  @type parser
  key_name message

  format multi_format
  <pattern>
    format json
  </pattern>
  <pattern>
    format /...your regexp pattern.../
  </pattern>
  <pattern>
    format none
  </pattern>
</filter>

Adding format identity field

Sometimes it may be useful to know which pattern was used. Since pareser usage may not support retagging, there is an option to add a format name field and/or index field.

Example:

<filter app.**>
  @type parser
  key_name message
  <parse>
    @type multi_format

    # if set, add this key to record with value being pattern format name
    # (format_name key)
    format_key 'format'

    <pattern>
      format json
      # set format name for this pattern. If unset, uses format name
      # followed by index (in this case would be 'json#0')
      format_name 'json'
    </pattern>
    <pattern>
      format regexp
      format_name 'MyRefex'
      expression /...your regexp pattern.../
    </pattern>
    <pattern>
      format none
      format_name 'unparsed'
    </pattern>
  </parse>
</filter>

NOTE

This plugin doesn't work with multiline parsers because parser itself doesn't store previous lines.

Copyright

Author Masahiro Nakagawa
Copyright Copyright (c) 2014- Masahiro Nakagawa
License Apache License (2.0)