This page is a glossary of common log formats that can be parsed with the Tail input plugin.
- Apache Access Log
Useformat apache2<source> @type tail format apache2 tag apache.access path /var/log/apache2/access.log </source> - Apache Error Log
Use a regular expression. See theformat<source> @type tail format /^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\] \[pid (?<pid>[^\]]*)\] \[client (?<client>[^\]]*)\] (?<message>.*)$/ tag apache.error path /var/log/apache2/error.log </source>Depending on your particular error log format, you may need to adjust the regular expression above. You can test your format usingfluentd-ui’s in_tail editor or Fluentular. - Maillog
Use a regular expression. See theformat<source> @type tail format /^(?<time>[^ ]+) (?<host>[^ ]+) (?<process>[^:]+): (?<message>((?<key>[^ :]+)[ :])? ?((to|from)=<(?<address>[^>]+)>)?.*)$/ tag postfix.maillog path /var/log/maillog </source> - Nginx Access Log
Useformat nginx<source> @type tail format nginx tag nginx.access path /var/log/nginx/access.log </source> - Nginx Error Log
Use theformat* and multiline_flush_interval<source> @type tail tag nginx.error path /var/log/nginx/error.log format multiline format_firstline /^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[\w+\] (?<pid>\d+).(?<tid>\d+): / format1 /^(?<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)/ multiline_flush_interval 3s </source>If you know your error log will only contain single lines, you can use the below simpler configuration with just aformat.<source> @type tail format /^(?<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)$/ tag nginx.error path /var/log/nginx/error.log </source> - GlusterFS Logs
Use theGlusterFS input plugin.
