Module: ViaqDataModelFilterSystemd
- Included in:
- Fluent::ViaqDataModelFilter
- Defined in:
- lib/fluent/plugin/filter_viaq_data_model_systemd.rb
Constant Summary collapse
- JOURNAL_FIELD_MAP_SYSTEMD_T =
map of journal fields to viaq data model field
{ "_AUDIT_LOGINUID" => "AUDIT_LOGINUID", "_AUDIT_SESSION" => "AUDIT_SESSION", "_BOOT_ID" => "BOOT_ID", "_CAP_EFFECTIVE" => "CAP_EFFECTIVE", "_CMDLINE" => "CMDLINE", "_COMM" => "COMM", "_EXE" => "EXE", "_GID" => "GID", "_MACHINE_ID" => "MACHINE_ID", "_PID" => "PID", "_SELINUX_CONTEXT" => "SELINUX_CONTEXT", "_SYSTEMD_CGROUP" => "SYSTEMD_CGROUP", "_SYSTEMD_OWNER_UID" => "SYSTEMD_OWNER_UID", "_SYSTEMD_SESSION" => "SYSTEMD_SESSION", "_SYSTEMD_SLICE" => "SYSTEMD_SLICE", "_SYSTEMD_UNIT" => "SYSTEMD_UNIT", "_SYSTEMD_USER_UNIT" => "SYSTEMD_USER_UNIT", "_TRANSPORT" => "TRANSPORT", "_UID" => "UID" }
- JOURNAL_FIELD_MAP_SYSTEMD_U =
{ "CODE_FILE" => "CODE_FILE", "CODE_FUNCTION" => "CODE_FUNCTION", "CODE_LINE" => "CODE_LINE", "ERRNO" => "ERRNO", "MESSAGE_ID" => "MESSAGE_ID", "RESULT" => "RESULT", "UNIT" => "UNIT", "SYSLOG_FACILITY" => "SYSLOG_FACILITY", "SYSLOG_IDENTIFIER" => "SYSLOG_IDENTIFIER", "SYSLOG_PID" => "SYSLOG_PID" }
- JOURNAL_FIELD_MAP_SYSTEMD_K =
{ "_KERNEL_DEVICE" => "KERNEL_DEVICE", "_KERNEL_SUBSYSTEM" => "KERNEL_SUBSYSTEM", "_UDEV_SYSNAME" => "UDEV_SYSNAME", "_UDEV_DEVNODE" => "UDEV_DEVNODE", "_UDEV_DEVLINK" => "UDEV_DEVLINK", }
- JOURNAL_TIME_FIELDS =
['_SOURCE_REALTIME_TIMESTAMP', '__REALTIME_TIMESTAMP']
Instance Method Summary collapse
Instance Method Details
#process_journal_fields(tag, time, record, fmtr_type) ⇒ Object
68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 |
# File 'lib/fluent/plugin/filter_viaq_data_model_systemd.rb', line 68 def process_journal_fields(tag, time, record, fmtr_type) systemd_t = {} JOURNAL_FIELD_MAP_SYSTEMD_T.each do |jkey, key| if record.key?(jkey) systemd_t[key] = record[jkey] end end systemd_u = {} JOURNAL_FIELD_MAP_SYSTEMD_U.each do |jkey, key| if record.key?(jkey) systemd_u[key] = record[jkey] end end systemd_k = {} JOURNAL_FIELD_MAP_SYSTEMD_K.each do |jkey, key| if record.key?(jkey) systemd_k[key] = record[jkey] end end unless systemd_t.empty? (record['systemd'] ||= {})['t'] = systemd_t end unless systemd_u.empty? (record['systemd'] ||= {})['u'] = systemd_u end unless systemd_k.empty? (record['systemd'] ||= {})['k'] = systemd_k end record['level'] = normalize_level(record['level'], nil, nil, record['PRIORITY']) JOURNAL_TIME_FIELDS.each do |field| if (val = record[field]) vali = val.to_i record['time'] = Time.at(vali / 1000000, vali % 1000000).utc.to_datetime.rfc3339(6) break end end case fmtr_type when :sys_journal record['message'] = record['MESSAGE'] if record['_HOSTNAME'].eql?('localhost') && @docker_hostname record['hostname'] = @docker_hostname else record['hostname'] = record['_HOSTNAME'] end # system, non-kubernetes containers docker = {} if record.key?('CONTAINER_ID_FULL') docker['container_id'] = record['CONTAINER_ID_FULL'] end if record.key?('CONTAINER_ID') docker['container_id_short'] = record['CONTAINER_ID'] end if record.key?('CONTAINER_NAME') docker['container_name'] = record['CONTAINER_NAME'] end unless docker.empty? record['docker'] = record['docker'] ? record['docker'].merge(docker) : docker end when :k8s_journal record['message'] = record['message'] || record['MESSAGE'] || record['log'] if record.key?('kubernetes') && record['kubernetes'].respond_to?(:fetch) && \ (k8shost = record['kubernetes'].fetch('host', nil)) record['hostname'] = k8shost elsif @docker_hostname record['hostname'] = @docker_hostname else record['hostname'] = record['_HOSTNAME'] end transform_eventrouter(tag, record) end end |