Menu
I want to install the ops agent on a GCP VM and have it send logs from a systemd service to StackDriver.
However, the relevant docs do not indicate how to specify one (and only one) systemd service.
Is there a way to limit log reading (and dispatching to StackDriver) for only one systemd serrvice?
935
I also couldn't find any options for the systemd_journald receiver. However, you can implement the same logic by using an exclude logs processor in your pipeline to include only the logs from the correct systemd unit. Here's an example config that only includes logs from the ssh service:
logging:
receivers:
systemd_receiver:
type: systemd_journald
processors:
filter_systemd:
type: exclude_logs
match_any:
- 'NOT jsonPayload._SYSTEMD_UNIT = "ssh.service"'
service:
pipelines:
systemd_pipeline:
receivers:
- systemd_receiver
processors:
- filter_systemd
You have to use the NOT operator instead of the != operator due to how GCP's logging query language handles missing fields.
165
answered Nov 04 '25 06:11
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With