6 Parsing to extract more meaning
This chapter covers
- Exploring the relationship between filters, parsers, and decoders
- Examining prebuilt parsers
- Using filters to run parser processes
- Using regular expressions and JSON parsers to extract meaning from log content
In this chapter, we will start working with Fluent Bit’s capabilities to examine and manipulate the data it collects and outputs. Parsers are key tools for extracting meaning from unstructured data. Obtaining the meaning of an event allows us to make decisions and transform and route events. To use an old expression, parsing enables us to turn data into information.
6.1 Architectural context
As we can see in figure 6.1, parsers and filters sit in the middle of the pipeline of processing log events after we’ve ingested the data.
Figure 6.1 Logical architecture of Fluent Bit, with this chapter's focus on parsers highlighted. Parsers are used in special cases with input plugins but primarily through their relationship with filters.
The benefit of separating parsers from the input and output plugins is that we can apply the same parsing processes to different sources. This makes parsers highly reusable, as we’ll see. As the figure suggests, we can use parsers with input plugins, but the main relationship parsers have with other components is with filters, as we’ll see.