fluent-plugin-rewrite, a plugin for Fluentd
Output plugin to rewrite messages' tags/values along with pattern matching and re-emit them.
<match apache.log.**>
type rewrite
remove_prefix apache.log
add_prefix filtered
<rule>
key path
pattern \\?.+$
replace
</rule>
<rule>
key path
pattern (/[^/]+)\\?([^=]+)=(\\d)
replace \\1/\\2/\\3
</rule>
<rule>
key status
pattern ^500$
ignore true
</rule>
<rule>
key path
pattern ^\/(users|entries)
append_to_tag true
fallback others
</rule>
<rule>
key is_loggged_in
pattern 1
append_to_tag true
tag user
</rule>
</match>
remove_prefix apache.log
add_prefix filtered
- remove_prefix: removes the string from a prefix of tag.
- add_prefix: prepend the string to a tag.
For example, if you want to filter out query string form URL string:
<rule>
key path
pattern \\?.+$
replace
</rule>
It executes pattern matching against a value related with key
and replaces it with empty string if it matches.
/foo?bar=baz -> /foo
This time, if you want to rewrite path string along with some pattern:
<rule>
key path
pattern (/[^/]+)\\?([^=]+)=(\\d)
replace \\1/\\2/\\3
</rule>
It executes pattern matching against a value related with key
and replaces it with replace
if it matches.
Need ()
in pattern
if you want to refer values in replace
. This is Ruby's capturing feature.
/foo?bar=1 -> /foo/bar/1
For example, if you want to skip a message which matches some pattern:
<rule>
key status
pattern ^500$
ignore true
</rule>
It executes pattern matching against a value related with key
and skip emitting the message if it matches.
<rule>
key path
pattern ^\/(users|entries)
append_to_tag true
</rule>
It executes pattern matching against a value related with key
and append mathed strings to message tag.
This also need ()
to append values to tag. See rule: replace section. For example:
apache.log { "path" : "/users/antipop" }
the messabe above will be re-emmited as the message below:
apache.log.users { "path" : "/users/antipop" }
If you set fallback
option like below:
<rule>
key path
pattern ^\/(users|entries)
append_to_tag true
fallback others
</rule>
the value of fallback
option will be appended to message tag.
apache.log { "path" : "/foo/bar" }
This time, the messabe above will be re-emmited as the message below:
apache.log.others { "path" : "/foo/bar" }
If tag
option set,
<rule>
key is_loggged_in
pattern 1
append_to_tag true
tag user
</rule>
the value designated by tag
will be appended to the original tag, that is:
test { "is_logged_in" => "1" }
will be
test.user { "is_logged_in" => "1" }
If you set last
option to true, rewriting chain stops applying rule where the pattern matches first.
<rule>
key path
pattern ^/foo$
replace /bar
last true
</rule>
<rule>
key path
pattern ^/bar$
replace /baz
</rule>
This rules will be applied like below:
{ "path" => "/foo" }
will be replaced with
{ "path" => "/bar" }
and the chain stops here. Therefore, the second rule is never applied.
{ "path" => "/bar" }
will be replaced by the second rule as usual.
{ "path" => "/baz" }
Add this line to your application's Gemfile:
gem 'fluent-plugin-rewrite'
And then execute:
$ bundle
Or install it yourself as:
$ gem install fluent-plugin-rewrite
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Added some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request
Copyright (c) 2012- Kentaro Kuribayashi (@kentaro)
Apache License, Version 2.0