Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.0: in_tail_with_throttle: Add <group> directive description #376

Merged
merged 3 commits into from Jun 29, 2022
Merged

1.0: in_tail_with_throttle: Add <group> directive description #376

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1e6f78f
in_tail_with_throttle: Add documentation for `<group>` directives
Pranjal-Gupta2 Oct 18, 2021
3ee0c71
Update `in_tail` with group directive
Pranjal-Gupta2 Apr 25, 2022
c0a9c1e
in_tail: Remove `<group>` section in example config
ashie Jun 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
96 changes: 96 additions & 0 deletions input/tail.md
View file
Open in desktop
Expand Up @@ -402,6 +402,80 @@ The `@log_level` option allows the user to set different levels of logging for e

Refer to the [Logging](../deployment/logging.md) for more details.


### `<group>` Section

The `in_tail` plugin can assign each log file to a group, based on user defined rules. The `limit` parameter controls the total number of lines collected for a group within a `rate_period` time interval.

Example:

```text
# group rules -- 1
<group>
rate_period 5s

<rule>
match {
namespace: /shopping/,
podname: /frontend/,
}
limit 1000
</rule>
</group>

# group rules -- 2
<group>
<rule>
match {
directoy: /payment/
}
limit 2000
</rule>
</group>
```

#### `pattern`

| type | default | version |
| :--- | :--- | :--- |
| regexp | `/^\/var\/log\/containers\/(?<podname>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\/[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace>[^_]+)_(?<container>.+)-(?<docker_id>[a-z0-9]{64})\.log$/`| 1.15 |

Specifies the regular expression for extracting metadata (namespace, podname) from log file path. Default value of the pattern regexp extracts information about `namespace`, `podname`, `docker_id`, `container` of the log (K8s specific).

You can also add custom named captures in `pattern` for custom grouping of log files. For example,
```text
pattern /^\/home\/logs\/(?<file>.+)\.log$/
```
In this example, filename will be extracted and used to form groups.

#### `rate_period`

| type | default | version |
| :--- | :--- | :--- |
| time | 60 \(seconds\) | 1.15 |

Time period in which the group line limit is applied. `in_tail` resets the counter after every `rate_period` interval.

#### `<rule>` Section \(required\)

Grouping rules for log files.

##### match

| type | default | version |
| :--- | :--- | :--- |
| hash | {"namespace": /./, "podname": /./} | 1.15 |

`match` parameter is used to check if a file belongs to a particular group based on hash keys (named captures from `pattern`) and hash values (regexp)

##### limit

| type | default | version |
| :--- | :--- | :--- |
| integer | -1 | 1.15 |

Maximum number of lines allowed from a group in `rate_period` time interval. The default value of `-1` doesn't throttle log files of that group.

## Learn More

* [Input Plugin Overview](./)
Expand Down Expand Up @@ -469,3 +543,25 @@ path C:\\path\\to\\*\\foo.log

If this article is incorrect or outdated, or omits critical information, please [let us know](https://github.com/fluent/fluentd-docs-gitbook/issues?state=open). [Fluentd](http://www.fluentd.org/) is an open-source project under [Cloud Native Computing Foundation \(CNCF\)](https://cncf.io/). All components are available under the Apache 2 License.

### What happens when a file can be assigned to more than one group?

Example,

```text
<rule> ## Rule1
match {
namespace: /monitoring/
}
limit 100
</rule>

<rule> ## Rule2
match {
namespace: /monitoring/,
podname: /logger/,
}
limit 2000
</rule>
```

In this case, rules with more constraints, i.e., greater number of `match` hash keys will be given a higher priority. So a file will be assigned to `Rule2` if it can be assigned to both `Rule1` and `Rule2`.