I'm trying to tail multiple logs in fluentd with the following configuration:
<source>
type tail
tag es.workers.worker1
format /^\[(?<timestamp>.*? .*?) (?<log_level>[INFO|ERROR][^\]]*)\] (?<message>.*)$/
path /var/log/upstart/worker1.log
pos_file /var/lib/fluentd/pos/-var-log-upstart-worker1.log.pos
</source>
<source>
type tail
tag es.workers.worker2
format /^\[(?<timestamp>.*? .*?) (?<log_level>[INFO|ERROR][^\]]*)\] (?<message>.*)$/
path /var/log/upstart/worker2.log
pos_file /var/lib/fluentd/pos/-var-log-upstart-worker2.log.pos
</source>
<source>
type tail
tag es.workers.worker3
format /^\[(?<timestamp>.*? .*?) (?<log_level>[INFO|ERROR][^\]]*)\] (?<message>.*)$/
path /var/log/upstart/worker3.log
pos_file /var/lib/fluentd/pos/-var-log-upstart-worker3.log.pos
</source>
<source>
type tail
tag es.workers.worker4
format /^\[(?<timestamp>.*? .*?) (?<log_level>[INFO|ERROR][^\]]*)\] (?<message>.*)$/
path /var/log/upstart/worker4.log
pos_file /var/lib/fluentd/pos/-var-log-upstart-worker4.log.pos
</source>
This isn't working. Usually (but not always), I'm only getting logs of the first file. Sometimes it's a different file, but it's always only one. Any ideas as to what's going on? I'm not getting any meaningful errors in the fluentd error log.
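Added example (not code from the original post): the question's `format` expression run in Ruby, the regexp engine fluentd uses, to show that `[INFO|ERROR]` is a one-character class, so NOTICE is captured as a level while DEBUG lines do not match at all. The sample log lines, the `STRICT` variant and the helper names are constructed for illustration.

```ruby
# Added example: the question's format expression versus a stricter variant.
# Sample lines are constructed; the real worker log layout is an assumption.

# Expression copied from the question's `format` line.
ORIGINAL = /^\[(?<timestamp>.*? .*?) (?<log_level>[INFO|ERROR][^\]]*)\] (?<message>.*)$/

# Hypothetical stricter variant: alternation instead of a character class.
STRICT = /^\[(?<timestamp>\S+ \S+) (?<log_level>INFO|ERROR)\] (?<message>.*)$/

SAMPLE_LINES = [
  '[2014-05-01 12:00:01 INFO] worker started',
  '[2014-05-01 12:00:02 ERROR] job 42 failed',
  '[2014-05-01 12:00:03 NOTICE] cache warmed',  # N is a member of the class
  '[2014-05-01 12:00:04 DEBUG] polling queue',  # D is not a member of the class
  'Traceback (most recent call last):'          # continuation line, no bracket
].freeze

# Returns the named captures as a Hash, or nil when the line does not match.
def parse(line, regexp)
  match = regexp.match(line)
  match && match.named_captures
end

# Returns the captured log_level, or nil when the line does not match.
def level_of(line, regexp)
  fields = parse(line, regexp)
  fields && fields['log_level']
end

# Lists the log levels of every line the expression accepts, in input order.
def levels_seen(lines, regexp)
  lines.map { |line| level_of(line, regexp) }.compact
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each do |line|
    puts format('%-45s original=%-9s strict=%s', line,
                level_of(line, ORIGINAL).inspect, level_of(line, STRICT).inspect)
  end
end
```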
Tail. The tail input plugin allows you to monitor one or several text files. It behaves like the tail -f shell command. The plugin reads every file matched by the Path pattern and, for every new line found (separated by a newline), it generates a new record.
Container Insights Support for FluentD is now in maintenance mode, which means that AWS will not provide any further updates for FluentD and that we are planning to deprecate it in the near future.
The @type parameter specifies the output plugin to use. Just like input sources, you can add new output destinations by writing custom plugins. For further information regarding Fluentd output destinations, please refer to the Output Plugin Overview article.
FluentD and Logstash are both open source data collectors used for Kubernetes logging. Logstash is centralized while FluentD is decentralized. FluentD offers better performance than Logstash. In fact, FluentD offers many benefits over Logstash.
Tailing multiple files can be done like this (the tag will be based on the file name):
<source>
@type tail
@id in_tail_container_logs
path /var/lib/docker/containers/*/*-json.log
pos_file /fluentd/log/containers.log.pos
time_format "%Y-%m-%dT%H:%M:%S.%L%Z"
keep_time_key true
read_from_head true
tag "docker.*"
format json
</source>
or like this
<source>
@type tail
@id in_tail_fos_logs
@label @LOGS
path /www/web/log/*.log,/www/web2/log/*.log,/www/web3/log/*.log
exclude_path ["/www/web/log/logstash_*.log"]
pos_file /var/log/td-agent/logs.log.pos
time_format "%Y-%m-%dT%H:%M:%S.%L%Z"
read_from_head true
tag "rowlogs.*"
format none
</source>