Skip to content

Latest commit

 

History

History
78 lines (62 loc) · 3.63 KB

systemd.md

File metadata and controls

78 lines (62 loc) · 3.63 KB

Systemd

The Systemd input plugin allows to collect log messages from the Journald daemon on Linux environments.

Configuration Parameters

The plugin supports the following configuration parameters:

Key Description Default
Path Optional path to the Systemd journal directory, if not set, the plugin will use default paths to read local-only logs.
Max_Fields Set a maximum number of fields (keys) allowed per record. 8000
Max_Entries When Fluent Bit starts, the Journal might have a high number of logs in the queue. In order to avoid delays and reduce memory usage, this option allows to specify the maximum number of log entries that can be processed per round. Once the limit is reached, Fluent Bit will continue processing the remaining log entries once Journald performs the notification. 5000
Systemd_Filter Allows to perform a query over logs that contains a specific Journald key/value pairs, e.g: _SYSTEMD_UNIT=UNIT. The Systemd_Filter option can be specified multiple times in the input section to apply multiple filters as required.
Systemd_Filter_Type Define the filter type when Systemd_Filter is specified multiple times. Allowed values are And and Or. With And a record is matched only when all of the Systemd_Filter have a match. With Or a record is matched when any of the Systemd_Filter has a match. Or
Tag The tag is used to route messages but on Systemd plugin there is an extra functionality: if the tag includes a star/wildcard, it will be expanded with the Systemd Unit file (_SYSTEMD_UNIT, e.g. host.* => host.UNIT_NAME) or unknown (e.g. host.unknown) if _SYSTEMD_UNIT is missing.
DB Specify the absolute path of a database file to keep track of Journald cursor.
DB.Sync Set a default synchronization (I/O) method. values: Extra, Full, Normal, Off. This flag affects how the internal SQLite engine do synchronization to disk, for more details about each option please refer to this section. note: this option was introduced on Fluent Bit v1.4.6. Full
Read_From_Tail Start reading new entries. Skip entries already stored in Journald. Off
Lowercase Lowercase the Journald field (key). Off
Strip_Underscores Remove the leading underscore of the Journald field (key). For example the Journald field _PID becomes the key PID. Off

Getting Started

In order to receive Systemd messages, you can run the plugin from the command line or through the configuration file:

Command Line

From the command line you can let Fluent Bit listen for Systemd messages with the following options:

$ fluent-bit -i systemd \
             -p systemd_filter=_SYSTEMD_UNIT=docker.service \
             -p tag='host.*' -o stdout

In the example above we are collecting all messages coming from the Docker service.

Configuration File

In your main configuration file append the following Input & Output sections:

{% tabs %} {% tab title="fluent-bit.conf" %}

[SERVICE]
    Flush        1
    Log_Level    info
    Parsers_File parsers.conf

[INPUT]
    Name            systemd
    Tag             host.*
    Systemd_Filter  _SYSTEMD_UNIT=docker.service

[OUTPUT]
    Name   stdout
    Match  *

{% endtab %}

{% tab title="fluent-bit.yaml" %}

service:
    flush: 1
    log_level: info
    parsers_file: parsers.conf
pipeline:
    inputs:
        - name: systemd
          tag: host.*
          systemd_filter: _SYSTEMD_UNIT=docker.service
    outputs:
        - name: stdout
          match: '*'

{% endtab %} {% endtabs %}