Fluent-plugin-ignore-filter

Fluentd filter plugin to ignore messages.

Requirements

fluent-plugin-ignore-filter	fluentd	ruby
>= 2.0.0	>= v0.14.0	>= 2.2
< 1.2.0	>= v0.12.0	>= 1.9

Installation

# for fluentd
$ gem install fluent-plugin-ignore-filter

# for td-agent2
$ sudo td-agent-gem install fluent-plugin-ignore-filter

Usage

Example 1:

<filter alert.messages.**>
  @type ignore
  regexp1 level info
</filter>
<filter alert.messages.**>
  @type ignore
  regexp1 server_name ^dev
</filter>
<filter alert.messages.**>
  @type ignore
  regexp1 level warning|warn
  regexp2 ident kernel
</filter>

Assuming following inputs are coming:

alert.messages: {"level":"info","ident":"kernel","server_name":"prod-web",message":"some info"}
alert.messages: {"level":"warn","ident":"kernel","server_name":"prod-web","message":"failed to do something"}
alert.messages: {"level":"error","ident":"kernel","server_name":"prod-web",message":"I/O error"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}
alert.messages: {"level":"error","ident":"sudo","server_name":"prod-web","message":"conversation failed"}
alert.messages: {"level":"error","ident":"sudo","server_name":"dev-web","message":"conversation failed"}

then output bocomes as belows:

alert.messages: {"level":"error","ident":"kernel","server_name":"prod-web",message":"I/O error"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}
alert.messages: {"level":"error","ident":"sudo","server_name":"prod-web","message":"conversation failed"}

Example 2:

<filter alert.messages.**>
  @type ignore
  regexp1 level info|notice
  exclude1 ident crmd
</filter>
<filter alert.messages.**>
  @type ignore
  regexp1 level info|notice
  regexp2 ident crmd
  exclude1 message process_lrm_event
</filter>

Assuming following inputs are coming:

alert.messages: {"level":"info","ident":"kernel","server_name":"prod-web",message":"some info"}
alert.messages: {"level":"info","ident":"crmd","server_name":"prod-web","message":"process_lrm_event: Operation rundeck_monitor_0: not running"}
alert.messages: {"level":"info","ident":"crmd","server_name":"prod-web","message":"Performing"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}

then output bocomes as belows:

alert.messages: {"level":"info","ident":"crmd","server_name":"prod-web","message":"process_lrm_event: Operation rundeck_monitor_0: not running"}
alert.messages: {"level":"warn","ident":"chronyd","server_name":"prod-web","message":"System clock wrong"}

Parameters

regexp[1-20] field_key regexp

The target field key and the ignoring regular expression.
exclude[1-20] field_key regexp

The target field key and the excluding regular expression.

TODO

patches welcome!

Contributing

Fork it ( https://github.com/bungoume/fluent-plugin-ignore-filter/fork )
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create a new Pull Request

Fluent-plugin-ignore-filter

Requirements

Installation

Usage

Example 1:

Example 2:

Parameters

TODO

Contributing

Copyright

Thanks to

License