3 Using Fluentd to capture log events

 

This chapter covers

  • Configuring Fluentd for the input of log files
  • Examining the impact of stopping and starting during file reading by Fluentd
  • Using parsers to extract more meaning from log events
  • Self-monitoring and external monitoring of Fluentd using APIs

With the conceptual and architectural foundations in place, and having run a simple configuration, we’re ready to look at the capture of log events in more detail. But before we do, let’s look at how we can check that our Fluentd configuration is correct.

3.1 Dry running to check a configuration

3.1.1 Putting validating Fluentd configuration into action

3.2 Reading log files

3.2.1 Putting the adaption of a Fluentd configuration to Fluent Bit into action

3.2.2 Rereading and resuming reading of log files

3.2.3 Configuration considerations for tracking position

3.2.4 Wildcards in the path attribute

3.2.5 Expressing time

3.2.6 Controlling the impact of wildcards in filenames

3.2.7 Replacing wildcards with delimited lists in action

3.2.8 Handling log rotation

3.3 Self-monitoring

3.3.1 HTTP interface check

3.4 Imposing structure on log events

3.4.1 Standard parsers

3.4.2 Third-party parsers

3.4.3 Applying a Regex parser to a complex log