Skip to content

in_systemd: add basic support for tailing logs from the last N minutes #10187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

in_systemd: add basic support for tailing logs from the last N minutes #10187

wants to merge 1 commit into from

Conversation

gersner-island
Copy link

@gersner-island gersner-island commented Apr 9, 2025
edited
Loading

This patch introduces the ability to tail logs from the last N minutes in the systemd input plugin. While the current read_from_tail approach works for many use cases, it can result in lost logs when it races with other components that emit logs and bootstrap at the same time.

An alternative solution using a database and cursor approach could help, but it introduces the downside of requiring a state file to be maintained.

Although systemd supports complex values for the "since" parameter, this patch simplifies the implementation by supporting only the specific use case of tailing logs from the last N minutes. This simplified approach is sufficient for many common scenarios.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@gersner-island
in_systemd: add basic support for tailing logs from the last N minutes
d34eb1a 
This patch introduces the ability to tail logs from the last N minutes in the
systemd input plugin. While the current `read_from_tail` approach works for
many use cases, it can result in lost logs when it races with other components
that emit logs and bootstrap at the same time.

An alternative solution using a database and cursor approach could help,
but it introduces the downside of requiring a state file to be maintained.

Although systemd supports complex values for the "since" parameter, this
patch simplifies the implementation by supporting only the specific use case
of tailing logs from the last N minutes. This simplified approach is sufficient
for many common scenarios.

Signed-off-by: Shimi Gersner <shimi.gersner@island.io>
@gersner-island
Copy link
Author

Example run bin/fluent-bit -i systemd -p Systemd_Filter=CONTAINER_NAME=sample-container -p read_since_minutes_ago=5 -o stdout -f 1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich leonardo-albertovich is a code owner

@fujimotos fujimotos Awaiting requested review from fujimotos fujimotos is a code owner

@koleini koleini Awaiting requested review from koleini koleini is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
docs-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@gersner-island