Steps to reproduce the problem:
Use Fluentbit systemd input plugin.
Run any application that writes multiline logs.
Expected behavior
Ship multiline output logs as a single-line-log to elasticsearch, using systemd input plugin of Fluentbit.
Your Environment
Version used:
1.0.4
Configuration:
[INPUT]
    Name            systemd
    Tag             logging
    Path            /var/log/journal
    Read_From_Tail  On

[PARSER]
    Name         json
    Format       json
    Time_Key     time
    Time_Format  %d/%b/%Y:%H:%M:%S %z

[PARSER]
    Name         docker
    Format       json
    Time_Key     time
    Time_Format  %Y-%m-%dT%H:%M:%S.%L
    Time_Keep    On
    # Command       | Decoder | Field | Optional Action
    # =============|==================|=================
    Decode_Field_As   escaped   log

[PARSER]
    Name         syslog
    Format       regex
    Regex        ^<(?[0-9]+)>(?[^ ]* {1,2}[^ ]* [^ ]) (?[^ ]) (?[a-zA-Z0-9_/.-])(?:[(?[0-9]+)])?(?:[^\:]:)? (?.)$
    Time_Key     time
    Time_Format  %b %d %H:%M:%S
Environment name and version (e.g. Kubernetes? What version?):
1.15.1
Server type and version:
Operating System and version:
Rhel 7.5
Filters and plugins:
Additional context
We want to maintain the systemd input plugin and parse these log records by date, so then we send them to elasticsearch as a single-line-log.
Is this possible to do?
Thank you.
As part of Fluent Bit v1.8, we have released a new Multiline core functionality. This new big feature allows you to configure new [MULTILINE_PARSER]s that support multi formats/auto-detection, new multiline mode on Tail plugin, and also on v1.8.2 (to be released on July 20th, 2021) a new Multiline Filter.
For now, you can take a look at the following documentation resources:
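A sketch of how the multiline filter mentioned in the reply above could be applied to the systemd input from this issue. This is an added example, not configuration from the issue or from the Fluent Bit project; the file name `parsers_multiline.conf`, the parser name `date_start`, and the leading `YYYY-MM-DD HH:MM:SS` timestamp format are assumptions.

```ini
# --- parsers_multiline.conf (assumed file name) ---
[MULTILINE_PARSER]
    name          date_start
    type          regex
    flush_timeout 1000
    # A new record starts when the line begins with a date
    # (assumed format: YYYY-MM-DD HH:MM:SS)
    rule  "start_state"  "/^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}/"  "cont"
    # Any following line that does not begin with a date is appended
    # to the record that is currently open
    rule  "cont"         "/^(?!\d{4}-\d{2}-\d{2}).*/"                   "cont"

# --- fluent-bit.conf (v1.8.2 or later for the multiline filter) ---
[SERVICE]
    Parsers_File  parsers_multiline.conf

[INPUT]
    Name            systemd
    Tag             logging
    Path            /var/log/journal
    Read_From_Tail  On

[FILTER]
    Name                   multiline
    Match                  logging
    # journald stores the log text in the MESSAGE field
    multiline.key_content  MESSAGE
    multiline.parser       date_start

# The existing Elasticsearch [OUTPUT] section stays unchanged.
```

Check the joined records with a `stdout` output and realistic multi-line input before pointing the pipeline at Elasticsearch, since stack traces that are split inconsistently are hard to search and alert on.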