Fluent-bit: custom regex parser for docker daemon log

Created on 9 Jun 2017  路  5Comments  路  Source: fluent/fluent-bit

I'm trying to use fluent-bit for docker daemon log.
but seems my custom regex parser doesnt work well.

for example...

docker daemon log

time="2017-06-08T14:29:08.600834972+09:00" level=info msg="Translating \"denied: requested access to the resource is denied\" to \"repository sf not found: does not exist or no pull access\""

output by fluent-bit

[14] tail.0: [1496979451, {"log"=>"time="2017-06-08T14:29:08.600834972+09:00" level=info msg="Translating \"denied: requested access to the resource is denied\" to \"repository sf not found: does not exist or no pull access\"" "}]

what I expected is 

[14] tail.0: [1496979451, {"level"=>"info", "msg"=>"Translating \"denied: requested access to the resource is denied\" to \"repository sf not found: does not exist or no pull access\" "}]

How I can get proper result ?

below is my configuration

$ fluent-bit --version
Fluent Bit v0.11.8
$ fluent-bit --help | grep -A5 Internal
Internal
 Event Loop  = epoll
 Build Flags =  JSMN_PARENT_LINKS JSMN_STRICT FLB_HAVE_TLS FLB_HAVE_SQLDB FLB_HAVE_FLUSH_LIBCO FLB_HAVE_VALGRIND FLB_HAVE_FORK FLB_HAVE_PROXY_GO FLB_HAVE_REGEX FLB_HAVE_C_TLS FLB_HAVE_SETJMP FLB_HAVE_ACCEPT4 FLB_HAVE_INOTIFY

[SERVICE]
    Flush        1
    Daemon       Off
    Log_Level    info
    Parsers_File parsers.conf
    Log_File     fluent-bit.log
    Parser       docker-daemon

[INPUT]
    Name Tail
    Path /home/keyolk/docker.log

[OUTPUT]
    Name stdout



md5-61e21373eec208b867ea706073faefc3



[PARSER]
  Name docker-daemon
  Foramt regex
  Regex time="(?<time>[^ ]*)" level=(?<level>[^ ]*) msg="(?<msg>[^ ].*)"
  Time_Key time
  Time_Format %Y-%m-%dT%H:%M:%S.%L
not-an-issue
Source
picture keyolk

Most helpful comment

@keyolk note that the Parser needs to be applied to the input plugin, not the service global configuration, it should be:

[SERVICE]
    Flush        1
    Daemon       Off
    Log_Level    info
    Parsers_File parsers.conf
    Log_File     fluent-bit.log

[INPUT]
    Name Tail
    Path /home/keyolk/docker.log
    Parser       docker-daemon

[OUTPUT]
    Name stdout
picture edsiper on 9 Jun 2017
👍2

All 5 comments

@keyolk note that the Parser needs to be applied to the input plugin, not the service global configuration, it should be:

[SERVICE]
    Flush        1
    Daemon       Off
    Log_Level    info
    Parsers_File parsers.conf
    Log_File     fluent-bit.log

[INPUT]
    Name Tail
    Path /home/keyolk/docker.log
    Parser       docker-daemon

[OUTPUT]
    Name stdout
edsiper picture edsiper on 9 Jun 2017
👍2

@edsiper
Thanks, but it doenst fix the issue : (

keyolk picture keyolk on 9 Jun 2017

@keyolk hi, your parser file has a typo. "Foramt regex"
It should be "Format regex"

[PARSER]
    Name docker-daemon
    Format regex
    Regex time="(?<time>[^ ]*)" level=(?<level>[^ ]*) msg="(?<msg>[^ ].*)"
    Time_Key time
    Time_Format %Y-%m-%dT%H:%M:%S.%L
nokute78 picture nokute78 on 9 Jun 2017
👍1

@nokute78 Oh... my
Thanks alot! Now all is working well : D

keyolk picture keyolk on 9 Jun 2017
🎉1

thanks @nokute78 !

edsiper picture edsiper on 9 Jun 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dbluxo picture dbluxo  路  4Comments
mhf-ir picture mhf-ir  路  4Comments
edsiper picture edsiper  路  4Comments
jcdauchy-moodys picture jcdauchy-moodys  路  3Comments
thrift24 picture thrift24  路  4Comments