├── .gitignore
├── .travis.yml
├── CHANGELOG.md
├── Dockerfile
├── Gemfile
├── LICENSE
├── README.md
├── Rakefile
├── ci
    └── build.sh
├── daemonset
    ├── nonrbac
    │   └── fluentd.yaml
    └── rbac
    │   └── fluentd.yaml
├── entrypoint.sh
├── fluent-plugin-kubernetes_sumologic.gemspec
├── lib
    └── fluent
    │   └── plugin
    │       └── filter_kubernetes_sumologic.rb
├── screenshots
    ├── container.png
    ├── docker.png
    ├── kubelet.png
    └── kubernetes.png
└── test
    ├── helper.rb
    └── plugin
        └── test_filter_kubernetes_sumologic.rb


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Ruby ignores
 2 | *.bridgesupport
 3 | *.gem
 4 | *.rbc
 5 | .dat*
 6 | .bundle/*
 7 | .ruby-gemset
 8 | .ruby-version
 9 | .rvmrc
10 | bin/*
11 | coverage
12 | Gemfile.lock
13 | TAGS
14 | 
15 | # Mac OSX ignores
16 | .DS_Store
17 | 
18 | # VS Code ignores
19 | .vscode/*
20 | 
21 | # idea ignores
22 | .idea
23 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | lang: ruby
 2 | services: docker
 3 | before_install:
 4 |   - rm -f ./Gemfile.lock
 5 |   - gem install bundler
 6 | script: ci/build.sh
 7 | deploy:
 8 |   provider: rubygems
 9 |   skip_cleanup: true
10 |   api_key:
11 |     secure: utz+1f2fW1CTu3rTcvpqz6kcQQak4+1Fb4MvlCHKE4nqjC2ujhxjagzXydFwBVuyrw+/VvFfNshZuO5Drz3qpvcLAqPd7ptru3bnYDiwMTFBiVg3SSVtTFphlNKuwNwM4alT/7Jhi3eW0LVXYAXPA3nhh7fOkTbJb9J2FcKD1/ty1ybgFVeUJlaJ8pcqA0Q4PD/dW/6CMkzt4x2CDgsE+MsufFg2SqGelxty1vWIk4oBa6PsDgAoauX8d9KUsa5MRFi7OWTrZviDKwfHRrTb99jW/k+4iQX0+gwIWDOQwTrajQreNIShvwciiA71MdQ60uFNPQYLretrt2C1cIyeB6Vyt/ozGREo6JfLpCNiwwS2PmWknDsa4nQFytrE6wH9qRQz89Q8vkr4dMlneVIgUDkQBVe7nVuatKOBMwN+ZxHLoDdVcGzLz2wWIzc7FcIiUWFphOiWmZB8G4+St+zOyVCTM25qHby9xs0DDveXyCLXCL2CCip7lG7ZnBaWrmW43YvLKKip2NGmlmi6oecsvT8IbCMxJoj5hGgJXbzYC8dAJ0ZATuVbQuzn94hhPwWWOLkcJ3xqg8jzEwoiMhYvzjvywTlKlc+lgglXIvQVfA4HXmttYX1WkbXuQD4CtdUgdB5JznsaVQo3n9UwD1iiAk/kuwWyKOOC+AmSX2SKlb0=
12 |   gem: fluent-plugin-kubernetes_sumologic
13 |   on:
14 |     tags: true
15 |     repo: SumoLogic/fluentd-kubernetes-sumologic
16 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
  1 | # Change Log
  2 | 
  3 | ## 2.4.0
  4 | - Improve Ruby GC to fix #121 [(#125)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/125)
  5 | - Migrate FluentD Conf files to ConfigMap to make customizing FluentD conf simpler [(#124)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/124)
  6 | - Add /u01 mount for running fluentd plugin under OCI OKE [(#129)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/129)
  7 | - Add support for log metadata [(#133)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/133)
  8 | 
  9 | ## 2.3.1
 10 | - Support %{pod_id} interpolation in source metadata [(#110)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/110)
 11 | - Support forward input as source [(#113)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/113)
 12 | 
 13 | 
 14 | ## 2.3.0
 15 | - Polish "reduce metadata" feature with keeping `namespace_name` [(#108)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/108)
 16 | - Bug fix - missing params in `containers.**` [(#109)](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/109)
 17 | 
 18 | ## 2.2.0
 19 | - bump base image to 1.3.2
 20 | - upgrade Sumo Logic FluentD Output plugin to 1.4.0, expose timestamp_key configuration
 21 | 
 22 | ## 2.1.0
 23 | - [Correctly remove the dynamic replicaset from the pod_name](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/100)
 24 | - [Control adding time and stream](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/96)
 25 | - [Reduce k8s metadata logs](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/92)
 26 | 
 27 | ## 2.0.0
 28 | - remove duplicate control plane logs to resolve #79.  Considered a breaking change as this requires the Kubernetes App in Sumo Logic to be updated as it previously used these logs. Please [see here](README.md#upgrading-to-v200) for more information.
 29 | - set kubernetes metadata filter plugin logging to warn to remove noisy logs
 30 | - upgrade docker image to fluentd 1.2.6
 31 | - add rewrite-tag-filter and prometheus plugins
 32 | - test for existence of labels key in kubernetes metadata 
 33 | 
 34 | ## 1.2.0
 35 | - change version scheme
 36 | - [Add labels to k8s_metadata](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/83)
 37 | - [Add source_host to conf.d/systemd/source.containers.conf](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/84)
 38 | - minor refactoring and testing
 39 | - upgrade fluent-plugin-sumologic_output to latest (1.3.1)
 40 | - expose additional configuration options to provide more control over fluent-plugin-kubernetes_metadata_filter using default values (fixes #80 and #35)
 41 | 
 42 | ## 1.18
 43 | - add FluentD S3 Output plugin to give more output options.   
 44 | 
 45 | ## 1.17
 46 | - [fix #69 by upgrading sumologic fluentd output to 1.1.1 which contains fix to handle json parsing correctly](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/498bd09fc2f353f0986ef3a9c583e4fb8ce7b401)
 47 | 
 48 | ## 1.16
 49 | -[Enable ability to configure enable_stat_watcher on in_tail plugins to workaround issue where inotify may hang.](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/b963866aea0587d079913f87ca1a60b4d8afb982)
 50 | 
 51 | ## 1.15
 52 | -[Expose environment variable to configure proxy_uri in sumo out configuration](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/issues/65)
 53 | -[Allow container path for in_tail plugin to be configured via environment variable.  Default to current value for backwards compatibility.](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/issues/64)
 54 | 
 55 | ## 1.14
 56 | -[kubernetes_sumologic plugin always adds a timestamp field to json logs](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/issues/61)
 57 | 
 58 | ## 1.13
 59 | -[Add ntp and timesyncd to systemd services](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/59#pullrequestreview-115374648)
 60 | -[Updates to new Audit Logging format](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/90cc454927055cd337a91942b285e6b57264e8c5)
 61 | 
 62 | ## 1.12
 63 | -[Allow hand picked data to be sent to sumo when certain exclusions apply](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/58)
 64 | 
 65 | ## 1.11
 66 | -[upgrade metadata filter plugin to address #54](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/eb7a69ce5b36a9d8150bd0a0b62f98fb18d35367)
 67 | 
 68 | ## 1.10
 69 | - [add missing exclude options to kubelet logs](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/ced3304f1e64173554a8dee6367c785945f3ce99)
 70 | - [Use multi-stage build to eliminate build tools from final image](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/57)
 71 | 
 72 | ## 1.9
 73 | - base docker image was quite stale, this release bumps to 1.1.3 and anchors the plugins to specific versions.  Same versions from 1.8 used, this just enforces consistency.
 74 | - ensure read_from_head in systemd respects setting via environment variable 
 75 | 
 76 | ## 1.8
 77 | - [Change default FLUSH_INTERVAL to 5s](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/7b100306d6c84335ee0d4ec6724a3218e8028893)
 78 | - [Handle possible timeout from Concat Plugin and ensure all logs resume the flow thru rest of pipeline when this occurs](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/commit/7b100306d6c84335ee0d4ec6724a3218e8028893)
 79 | - [Allow the time_key field to be defined via environment variables](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/53)
 80 | 
 81 | ## 1.7
 82 | - [Fix typo in sumologic kubernetes filter](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/51)
 83 | 
 84 | ## v1.6
 85 |  - upgrade fluentd-sumo_output plugin to latest 1.0, adds support for millisecond precision.
 86 |  - add support for kubernetes audit log
 87 | 
 88 | ## v1.5
 89 | 
 90 | - [Setting up tolerations](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/43)
 91 | - [add some etcdadm services](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/41)
 92 | - [Add RBAC permissions ](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/40)
 93 | 
 94 | ## v1.4
 95 | 
 96 | - [add support for multi-line log messages ](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/33)
 97 | 
 98 | ## v1.3
 99 | 
100 | - [fix empty? checks on nil values by switching defaults to empty strings](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/32)
101 | 
102 | ## v1.2
103 | 
104 | - [Enable monitoring endpoints](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/28)
105 | 
106 | ## v1.1
107 | 
108 | - [Add support for systemd](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/pull/21).
109 | 
110 | ## v1.0
111 | 
112 | - Initial tag
113 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM fluent/fluentd:v1.3.2-debian AS builder
 2 | 
 3 | ENV PATH /home/fluent/.gem/ruby/2.3.0/bin:$PATH
 4 | 
 5 | COPY ./fluent-plugin-kubernetes_sumologic*.gem ./
 6 | 
 7 | # New fluent image dynamically creates user in entrypoint
 8 | RUN [ -f /bin/entrypoint.sh ] && /bin/entrypoint.sh echo || : && \
 9 |     apt-get update && \
10 |     apt-get install -y build-essential ruby-dev libffi-dev libsystemd-dev && \
11 |     gem install fluent-plugin-s3 -v 1.1.4 && \
12 |     gem install fluent-plugin-systemd -v 0.3.1 && \
13 |     gem install fluent-plugin-record-reformer -v 0.9.1 && \
14 |     gem install fluent-plugin-kubernetes_metadata_filter -v 1.0.2 && \
15 |     gem install fluent-plugin-sumologic_output -v 1.4.0 && \
16 |     gem install fluent-plugin-concat -v 2.3.0 && \
17 |     gem install fluent-plugin-rewrite-tag-filter -v 2.1.0 && \
18 |     gem install fluent-plugin-prometheus -v 1.1.0 && \
19 |     gem install fluent-plugin-kubernetes_sumologic && \
20 |     rm -rf /home/fluent/.gem/ruby/2.3.0/cache/*.gem && \
21 |     gem sources -c && \
22 |     apt-get remove --purge -y build-essential ruby-dev libffi-dev libsystemd-dev && \
23 |     rm -rf /var/lib/apt/lists/*
24 | 
25 | FROM fluent/fluentd:v1.3.2-debian
26 | 
27 | WORKDIR /home/fluent
28 | ENV PATH /home/fluent/.gem/ruby/2.3.0/bin:$PATH
29 | 
30 | RUN mkdir -p /mnt/pos
31 | EXPOSE 24284
32 | 
33 | RUN mkdir -p /fluentd/etc && \
34 |     mkdir -p /fluentd/plugins
35 | 
36 | # Default settings
37 | ENV LOG_FORMAT "json"
38 | ENV FLUSH_INTERVAL "5s"
39 | ENV NUM_THREADS "1"
40 | ENV SOURCE_CATEGORY "%{namespace}/%{pod_name}"
41 | ENV SOURCE_CATEGORY_PREFIX "kubernetes/"
42 | ENV SOURCE_CATEGORY_REPLACE_DASH "/"
43 | ENV SOURCE_NAME "%{namespace}.%{pod}.%{container}"
44 | ENV KUBERNETES_META "true"
45 | ENV KUBERNETES_META_REDUCE "false"
46 | ENV READ_FROM_HEAD "true"
47 | ENV FLUENTD_SOURCE "file"
48 | ENV FLUENTD_USER_CONFIG_DIR "/fluentd/conf.d/user"
49 | ENV MULTILINE_START_REGEXP "/^\w{3} \d{1,2}, \d{4}/"
50 | ENV CONCAT_SEPARATOR ""
51 | ENV AUDIT_LOG_PATH "/mnt/log/kube-apiserver-audit.log"
52 | ENV TIME_KEY "time"
53 | ENV ADD_TIMESTAMP "true"
54 | ENV TIMESTAMP_KEY "timestamp"
55 | ENV ADD_STREAM "true"
56 | ENV ADD_TIME "true"
57 | ENV CONTAINER_LOGS_PATH "/mnt/log/containers/*.log"
58 | ENV ENABLE_STAT_WATCHER "true"
59 | ENV K8S_METADATA_FILTER_WATCH "true"
60 | ENV K8S_METADATA_FILTER_VERIFY_SSL "true"
61 | ENV K8S_METADATA_FILTER_BEARER_CACHE_SIZE "1000"
62 | ENV K8S_METADATA_FILTER_BEARER_CACHE_TTL "3600"
63 | ENV VERIFY_SSL "true"
64 | ENV FORWARD_INPUT_BIND "0.0.0.0"
65 | ENV FORWARD_INPUT_PORT "24224"
66 | 
67 | COPY --from=builder /var/lib/gems /var/lib/gems
68 | COPY ./entrypoint.sh /fluentd/
69 | 
70 | ENTRYPOINT ["/fluentd/entrypoint.sh"]
71 | 


--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 | 
3 | group :test do
4 |   gem 'codecov'
5 |   gem 'simplecov'
6 |   gem 'webmock'
7 | end
8 | 
9 | gemspec


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "{}"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright {yyyy} {name of copyright owner}
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | [![Build Status](https://travis-ci.org/SumoLogic/fluentd-kubernetes-sumologic.svg?branch=master)](https://travis-ci.org/SumoLogic/fluentd-kubernetes-sumologic) [![Gem Version](https://badge.fury.io/rb/fluent-plugin-kubernetes_sumologic.svg)](https://badge.fury.io/rb/fluent-plugin-kubernetes_sumologic) [![Docker Pulls](https://img.shields.io/docker/pulls/sumologic/fluentd-kubernetes-sumologic.svg)](https://hub.docker.com/r/sumologic/fluentd-kubernetes-sumologic) [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/SumoLogic/fluentd-output-sumologic/issues)
  2 | 
  3 | ## Deprecation notice
  4 | Sumo Logic has ended development of this project, which has been replaced by the officially supported [Sumo Logic Kubernetes Collection](https://github.com/SumoLogic/sumologic-kubernetes-collection) project. If you are planning to set up collection from a new cluster to Sumo Logic, we highly recommend that you use the supported Sumo Logic Kubernetes Collection project rather than this one. We will continue to support bug fixes for this project, but we expect to end support in summer 2020. Please consult the Kubernetes Collection project for instructions on how to [migrate existing instances](https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/master/deploy/docs/Migration_Steps.md) of this project to our new, fully supported solution.
  5 | 
  6 | This page describes the Sumo Kubernetes [Fluentd](http://www.fluentd.org/) plugin.
  7 | 
  8 | ## Support
  9 | The code in this repository has been developed in collaboration with the Sumo Logic community and is not supported via standard Sumo Logic Support channels. For any issues or questions please submit an issue within the GitHub repository. The maintainers of this project will work directly with the community to answer any questions, address bugs, or review any requests for new features. 
 10 | 
 11 | ## Installation
 12 | 
 13 | The plugin runs as a Kubernetes [DaemonSet](http://kubernetes.io/docs/admin/daemons/); it runs an instance of the plugin on each host in a cluster. Each plugin instance pulls system, kubelet, docker daemon, and container logs from the host and sends them, in JSON or text format, to an HTTP endpoint on a hosted collector in the [Sumo](http://www.sumologic.com) service.  Note the plugin with default configuration requires Kubernetes >=1.8.  See [the section below on running this on Kubernetes <1.8](#running-on-kubernetes-versions-<1.8)
 14 | 
 15 | - [Step 1  Create hosted collector and HTTP source in Sumo](#step-1--create-hosted-collector-and-http-source-in-sumo)
 16 | - [Step 2  Create a Kubernetes secret](#step-2--create-a-kubernetes-secret)
 17 | - [Step 3  Install the Sumo Kubernetes FluentD plugin](#step-3--install-the-sumo-kubernetes-fluentd-plugin)
 18 |   * [Option A  Install plugin using kubectl](#option-a--install-plugin-using-kubectl)
 19 |   * [Option B  Helm chart](#option-b--helm-chart)
 20 | - [Environment variables](#environment-variables)
 21 |     + [Override environment variables using annotations](#override-environment-variables-using-annotations)
 22 |     + [Exclude data using annotations](#exclude-data-using-annotations)
 23 |     + [Include excluded using annotations](#include-excluded-using-annotations)
 24 | - [Step 4 Set up Heapster for metric collection](#step-4-set-up-heapster-for-metric-collection)
 25 |   * [Kubernetes ConfigMap](#kubernetes-configmap)
 26 |   * [Kubernetes Service](#kubernetes-service)
 27 |   * [Kubernetes Deployment](#kubernetes-deployment)
 28 | - [Log data](#log-data)
 29 |   * [Docker](#docker)
 30 |   * [Kubelet](#kubelet)
 31 |   * [Containers](#containers)
 32 | - [Taints and Tolerations](#taints-and-tolerations)
 33 | - [Running On OpenShift](#running-on-openshift)
 34 | 
 35 | 
 36 | 
 37 | ![deployment](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/blob/master/screenshots/kubernetes.png)
 38 | 
 39 | # Step 1  Create hosted collector and HTTP source in Sumo
 40 | 
 41 | In this step you create, on the Sumo service, an HTTP endpoint to receive your logs. This process involves creating an HTTP source on a hosted collector in Sumo. In Sumo, collectors use sources to receive data.
 42 | 
 43 | 1. If you don’t already have a Sumo account, you can create one by clicking the **Free Trial** button on https://www.sumologic.com/.
 44 | 2. Create a hosted collector, following the instructions on [Configure a Hosted Collector](https://help.sumologic.com/Send-Data/Hosted-Collectors/Configure-a-Hosted-Collector) in Sumo help. (If you already have a Sumo hosted collector that you want to use, skip this step.)  
 45 | 3. Create an HTTP source on the collector you created in the previous step. For instructions, see [HTTP Logs and Metrics Source](https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source) in Sumo help. 
 46 | 4. When you have configured the HTTP source, Sumo will display the URL of the HTTP endpoint. Make a note of the URL. You will use it when you configure the Kubernetes service to send data to Sumo. 
 47 | 
 48 | # Step 2  Create a Kubernetes secret
 49 | 
 50 | Create a secret in Kubernetes with the HTTP source URL. If you want to change the secret name, you must modify the Kubernetes manifest accordingly.
 51 | 
 52 | `kubectl create secret generic sumologic --from-literal=collector-url=INSERT_HTTP_URL`
 53 | 
 54 | You should see the confirmation message 
 55 | 
 56 | `secret "sumologic" created.`
 57 | 
 58 | # Step 3  Install the Sumo Kubernetes FluentD plugin
 59 | 
 60 | Follow the instructions in Option A below to install the plugin using `kubectl`. If you prefer to use a Helm chart, see Option B. 
 61 | 
 62 | Before you start, see [Environment variables](#environment-variables) for information about settings you can customize, and how to use annotations to override selected environment variables and exclude data from being sent to Sumo.
 63 | 
 64 | ## Option A  Install plugin using kubectl
 65 | 
 66 | See the sample Kubernetes DaemonSet and Role in [fluentd.yaml](/daemonset/rbac/fluentd.yaml).
 67 | 
 68 | 1. Clone the [GitHub repo](https://github.com/SumoLogic/fluentd-kubernetes-sumologic).
 69 | 
 70 | 2. In `fluentd-kubernetes-sumologic`, install the chart using `kubectl`.
 71 | 
 72 | Which `.yaml` file you should use depends on whether or not you are running RBAC for authorization. RBAC is enabled by default as of Kubernetes 1.6.  Note the plugin with default configuration requires Kubernetes >=1.8. See the section below on [running this on Kubernetes <1.8](#running-on-kubernetes-versions-<1.8)
 73 |                                                                                                                                                       
 74 | **Non-RBAC (Kubernetes 1.5 and below)** 
 75 | 
 76 | `kubectl create -f /daemonset/nonrbac/fluentd.yaml` 
 77 | 
 78 | **RBAC (Kubernetes 1.6 and above)** <br/><br/>`kubectl create -f /daemonset/rbac/fluentd.yaml`
 79 | 
 80 | 
 81 | **Note** if you modified the command in Step 2 to use a different name, update the `.yaml` file to use the correct secret.
 82 | 
 83 | Logs should begin flowing into Sumo within a few minutes of plugin installation.
 84 | 
 85 | ## Option B  Helm chart
 86 | If you use Helm to manage your Kubernetes resources, there is a Helm chart for the plugin at https://github.com/kubernetes/charts/tree/master/stable/sumologic-fluentd.
 87 | 
 88 | # Environment variables
 89 | 
 90 | Environment | Variable Description
 91 | ----------- | --------------------
 92 | `AUDIT_LOG_PATH`|Define the path to the [Kubernetes Audit Log](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) <br/><br/> Default: `/mnt/log/kube-apiserver-audit.log`
 93 | `CONCAT_SEPARATOR` |The character to use to delimit lines within the final concatenated message. Most multi-line messages contain a newline at the end of each line. <br/><br/> Default: ""
 94 | `EXCLUDE_CONTAINER_REGEX` |A regular expression for containers. Matching containers will be excluded from Sumo. The logs will still be sent to FluentD.
 95 | `EXCLUDE_FACILITY_REGEX`|A regular expression for syslog [facilities](https://en.wikipedia.org/wiki/Syslog#Facility). Matching facilities will be excluded from Sumo. The logs will still be sent to FluentD.
 96 | `EXCLUDE_HOST_REGEX`|A regular expression for hosts. Matching hosts will be excluded from Sumo. The logs will still be sent to FluentD.
 97 | `EXCLUDE_NAMESPACE_REGEX`|A regular expression for `namespaces`. Matching `namespaces` will be excluded from Sumo. The logs will still be sent to FluentD.
 98 | `EXCLUDE_PATH`|Files matching this pattern will be ignored by the `in_tail` plugin, and will not be sent to Kubernetes or Sumo. This can be a comma-separated list as well. See [in_tail](http://docs.fluentd.org/v0.12/articles/in_tail#excludepath) documentation for more information. <br/><br/> For example, defining `EXCLUDE_PATH` as shown below excludes all files matching `/var/log/containers/*.log`, <br/><br/>`...`<br/><br/>`env:`<br/>   - `name: EXCLUDE_PATH`<br/>         `value: "[\"/var/log/containers/*.log\"]"`
 99 | `EXCLUDE_POD_REGEX`|A regular expression for pods. Matching pods will be excluded from Sumo. The logs will still be sent to FluentD.
100 | `EXCLUDE_PRIORITY_REGEX`|A regular expression for syslog [priorities](https://en.wikipedia.org/wiki/Syslog#Severity_level). Matching priorities will be excluded from Sumo. The logs will still be sent to FluentD.
101 | `EXCLUDE_UNIT_REGEX` |A regular expression for `systemd` units. Matching units will be excluded from Sumo. The logs will still be sent to FluentD.
102 | `FLUENTD_SOURCE`|Fluentd can use log tail, systemd query or forward as the source, Allowable values: `file`, `systemd`, `forward`. <br/><br/>Default: `file`
103 | `FLUENTD_USER_CONFIG_DIR`|A directory of user-defined fluentd configuration files, which must be in the  `*.conf` directory in the container.
104 | `FLUSH_INTERVAL` |How frequently to push logs to Sumo.<br/><br/>Default: `5s`
105 | `KUBERNETES_META`|Include or exclude Kubernetes metadata such as `namespace` and `pod_name` if using JSON log format. <br/><br/>Default: `true`
106 | `KUBERNETES_META_REDUCE`| Reduces redundant Kubernetes metadata, see [_Reducing Kubernetes Metadata_](#reducing-kubernetes-metadata). <br></br>Default: `false`
107 | `LOG_FORMAT`|Format in which to post logs to Sumo. Allowable values:<br/><br/>`text`—Logs will appear in SumoLogic in text format.<br/>`json`—Logs will appear in SumoLogic in json format.<br/>`json_merge`—Same as json but if the container logs in json format to stdout it will merge in the container json log at the root level and remove the log field.<br/><br/>Default: `json`
108 | `MULTILINE_START_REGEXP`|The regular expression for the `concat` plugin to use when merging multi-line messages. Defaults to Julian dates, for example, Jul 29, 2017.
109 | `NUM_THREADS`|Set the number of HTTP threads to Sumo. It might be necessary to do so in heavy-logging clusters. <br/><br/>Default: `1`
110 | `READ_FROM_HEAD`|Start to read the logs from the head of file, not bottom. Only applies to containers log files. See in_tail doc for more information.<br/><br/>Default: `true` 
111 | `SOURCE_CATEGORY` |Set the `_sourceCategory` metadata field in Sumo. <br/><br/>Default: `"%{namespace}/%{pod_name}"`
112 | `SOURCE_CATEGORY_PREFIX`|Prepends a string that identifies the cluster to the `_sourceCategory` metadata field in Sumo.<br/><br/>Default:  `kubernetes/`
113 | `SOURCE_CATEGORY_REPLACE_DASH` |Used to replace a dash (-) character with another character. <br/><br/>Default:  `/`<br/><br/>For example, a Pod called `travel-nginx-3629474229-dirmo` within namespace `app` will appear in Sumo with `_sourceCategory=app/travel/nginx`.
114 | `SOURCE_HOST`|Set the `_sourceHost` metadata field in Sumo.<br/><br/>Default: `""`
115 | `SOURCE_NAME`|Set the `_sourceName` metadata field in Sumo. <br/><br/> Default: `"%{namespace}.%{pod}.%{container}"`
116 | `TIME_KEY`|The field name for json formatted sources that should be used as the time. See [time_key](https://docs.fluentd.org/v0.12/articles/formatter_json#time_key-(string,-optional,-defaults-to-%E2%80%9Ctime%E2%80%9D)). Default: `time`
117 | `ADD_TIMESTAMP`|Option to control adding timestamp to logs. Default: `true`
118 | `TIMESTAMP_KEY`|Field name when add_timestamp is on. Default: `timestamp`
119 | `ADD_STREAM`|Option to control adding stream to logs. Default: `true`
120 | `ADD_TIME`|Option to control adding time to logs. Default: `true`
121 | `CONTAINER_LOGS_PATH`|Specify the path in_tail should watch for container logs. Default: `/mnt/log/containers/*.log`
122 | `PROXY_URI`|Add the uri of the proxy environment if present.
123 | `ENABLE_STAT_WATCHER`|Option to control the enabling of [stat_watcher](https://docs.fluentd.org/v1.0/articles/in_tail#enable_stat_watcher). Default: `true`
124 | `K8S_METADATA_FILTER_WATCH`|Option to control the enabling of [metadata filter plugin watch](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration). Default: `true`
125 | `K8S_METADATA_FILTER_CA_FILE`|Option to control the enabling of [metadata filter plugin ca_file](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration).
126 | `K8S_METADATA_FILTER_VERIFY_SSL`|Option to control the enabling of [metadata filter plugin verify_ssl](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration). Default: `true`
127 | `K8S_METADATA_FILTER_CLIENT_CERT`|Option to control the enabling of [metadata filter plugin client_cert](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration).
128 | `K8S_METADATA_FILTER_CLIENT_KEY`|Option to control the enabling of [metadata filter plugin client_key](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration).
129 | `K8S_METADATA_FILTER_BEARER_TOKEN_FILE`|Option to control the enabling of [metadata filter plugin bearer_token_file](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration).
130 | `K8S_METADATA_FILTER_BEARER_CACHE_SIZE`|Option to control the enabling of [metadata filter plugin cache_size](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration). Default: `1000`
131 | `K8S_METADATA_FILTER_BEARER_CACHE_TTL`|Option to control the enabling of [metadata filter plugin cache_ttl](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#configuration). Default: `3600`
132 | `K8S_NODE_NAME`|If set, improves [caching of pod metadata](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter#environment-variables-for-kubernetes) and reduces API calls. 
133 | `VERIFY_SSL`|Verify ssl certificate of sumologic endpoint. Default: `true`
134 | `FORWARD_INPUT_BIND`|The bind address to listen to if using forward as `FLUENTD_SOURCE`. Default: `0.0.0.0` (all addresses)
135 | `FORWARD_INPUT_PORT`|The port to listen to if using forward as `FLUENTD_SOURCE`. Default: `24224`
136 | 
137 | 
138 | The following table show which  environment variables affect which Fluentd sources.
139 | 
140 | | Environment Variable | Containers | Docker | Kubernetes | Systemd |
141 | |----------------------|------------|--------|------------|---------|
142 | | `EXCLUDE_CONTAINER_REGEX` | ✔ | ✘ | ✘ | ✘ |
143 | | `EXCLUDE_FACILITY_REGEX` | ✘ | ✘ | ✘ | ✔ |
144 | | `EXCLUDE_HOST_REGEX `| ✔ | ✘ | ✘ | ✔ |
145 | | `EXCLUDE_NAMESPACE_REGEX` | ✔ | ✘ | ✔ | ✘ |
146 | | `EXCLUDE_PATH` | ✔ | ✔ | ✔ | ✘ |
147 | | `EXCLUDE_PRIORITY_REGEX` | ✘ | ✘ | ✘ | ✔ |
148 | | `EXCLUDE_POD_REGEX` | ✔ | ✘ | ✘ | ✘ |
149 | | `EXCLUDE_UNIT_REGEX` | ✘ | ✘ | ✘ | ✔ |
150 | | `TIME_KEY` | ✔ | ✘ | ✘ | ✘ |
151 | 
152 | ### FluentD stops processing logs
153 | When dealing with large volumes of data (TB's from what we have seen), FluentD may stop processing logs, but continue to run.  This issue seems to be caused by the [scalability of the inotify process](https://github.com/fluent/fluentd/issues/1630) that is packaged with the FluentD in_tail plugin.  If you encounter this situation, setting the `ENABLE_STAT_WATCHER` to `false` should resolve this issue.
154 | 
155 | ### Reducing Kubernetes metadata
156 | 
157 | You can use the `KUBERNETES_META_REDUCE` environment variable (global) or the `sumologic.com/kubernetes_meta_reduce` annotation (per pod) to reduce the amount of Kubernetes metadata included with each log line under the `kubernetes` field. 
158 | 
159 | When set, FluentD will remove the following properties:
160 | 
161 | * `pod_id`
162 | * `container_id`
163 | * `namespace_id`
164 | * `master_url`
165 | * `labels`
166 | * `annotations`
167 | 
168 | Logs will still include:
169 | 
170 | * `pod_name`
171 | * `container_name`
172 | * `namespace_name`
173 | * `host`
174 | 
175 | These fields still allow you to uniquely identify a pod and look up additional details with the Kubernetes API.
176 | 
177 | ```yaml
178 | apiVersion: v1
179 | kind: ReplicationController
180 | metadata:
181 |   name: nginx
182 | spec:
183 |   replicas: 1
184 |   selector:
185 |     app: mywebsite
186 |   template:
187 |     metadata:
188 |       name: nginx
189 |       labels:
190 |         app: mywebsite
191 |       annotations:
192 |         sumologic.com/kubernetes_meta_reduce: "true"
193 |     spec:
194 |       containers:
195 |       - name: nginx
196 |         image: nginx
197 |         ports:
198 |         - containerPort: 80
199 | ```
200 | 
201 | 
202 | ### Override environment variables using annotations
203 | You can override the `LOG_FORMAT`, `KUBERNETES_META_REDUCE`, `SOURCE_CATEGORY` and `SOURCE_NAME` environment variables, per pod, using [Kubernetes annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). For example:
204 | 
205 | ```
206 | apiVersion: v1
207 | kind: ReplicationController
208 | metadata:
209 |   name: nginx
210 | spec:
211 |   replicas: 1
212 |   selector:
213 |     app: mywebsite
214 |   template:
215 |     metadata:
216 |       name: nginx
217 |       labels:
218 |         app: mywebsite
219 |       annotations:
220 |         sumologic.com/format: "text"
221 |         sumologic.com/kubernetes_meta_reduce: "true"
222 |         sumologic.com/sourceCategory: "mywebsite/nginx"
223 |         sumologic.com/sourceName: "mywebsite_nginx"
224 |     spec:
225 |       containers:
226 |       - name: nginx
227 |         image: nginx
228 |         ports:
229 |         - containerPort: 80
230 | ```
231 | 
232 | ### Exclude data using annotations
233 | 
234 | You can also use the `sumologic.com/exclude` annotation to exclude data from Sumo. This data is sent to FluentD, but not to Sumo.
235 | 
236 | ```
237 | apiVersion: v1
238 | kind: ReplicationController
239 | metadata:
240 |   name: nginx
241 | spec:
242 |   replicas: 1
243 |   selector:
244 |     app: mywebsite
245 |   template:
246 |     metadata:
247 |       name: nginx
248 |       labels:
249 |         app: mywebsite
250 |       annotations:
251 |         sumologic.com/format: "text"
252 |         sumologic.com/sourceCategory: "mywebsite/nginx"
253 |         sumologic.com/sourceName: "mywebsite_nginx"
254 |         sumologic.com/exclude: "true"
255 |     spec:
256 |       containers:
257 |       - name: nginx
258 |         image: nginx
259 |         ports:
260 |         - containerPort: 80
261 | ```
262 | 
263 | ### Include excluded using annotations
264 | 
265 | If you excluded a whole namespace, but still need one or few pods to be still included for shipping to Sumologic, you can use the `sumologic.com/include` annotation to include data to Sumo. It takes precedence over the exclusion described above.
266 | 
267 | ```
268 | apiVersion: v1
269 | kind: ReplicationController
270 | metadata:
271 |   name: nginx
272 | spec:
273 |   replicas: 1
274 |   selector:
275 |     app: mywebsite
276 |   template:
277 |     metadata:
278 |       name: nginx
279 |       labels:
280 |         app: mywebsite
281 |       annotations:
282 |         sumologic.com/format: "text"
283 |         sumologic.com/sourceCategory: "mywebsite/nginx"
284 |         sumologic.com/sourceName: "mywebsite_nginx"
285 |         sumologic.com/include: "true"
286 |     spec:
287 |       containers:
288 |       - name: nginx
289 |         image: nginx
290 |         ports:
291 |         - containerPort: 80
292 | ```
293 | 
294 | # Step 4 Set up Heapster for metric collection
295 | 
296 | The recommended way to collect metrics from Kubernetes clusters is to use Heapster and a Sumo collector with a Graphite source. 
297 | 
298 | Heapster aggregates metrics across a Kubenetes cluster. Heapster runs as a pod in the cluster, and  discovers all nodes in the cluster and queries usage information from each node's `kubelet`—the on-machine Kubernetes agent. 
299 | 
300 | Heapster provides metrics at the cluster, node and pod level.
301 | 
302 | 1. Install Heapster in your Kubernetes cluster and configure a Graphite Sink to send the data in Graphite format to Sumo. For instructions, see 
303 | https://github.com/kubernetes/heapster/blob/master/docs/sink-configuration.md#graphitecarbon. Assuming you have used the below YAML files to configure your system, then the sink option in graphite would be `--sink=graphite:tcp://sumo-graphite.kube-system.svc:2003`.  You may need to change this depending on the namespace you run the deployment in, the name of the service or the port number for your Graphite source.
304 | 
305 | 2. Use the Sumo Docker container. For instructions, see https://hub.docker.com/r/sumologic/collector/.
306 | 
307 | 3. The following sections contain an  example configmap, which contains the `sources.json` configuration, an example service, and an example deployment. Create these manifests in Kubernetes using `kubectl`.
308 | 
309 | 
310 | ## Kubernetes ConfigMap
311 | ```
312 | kind: ConfigMap
313 | apiVersion: v1
314 | metadata:
315 |   name: "sumo-sources"
316 | data:
317 |   sources.json: |-
318 |     {
319 |       "api.version": "v1",
320 |       "sources": [
321 |         {
322 |           "name": "SOURCE_NAME",
323 |           "category": "SOURCE_CATEGORY",
324 |           "automaticDateParsing": true,
325 |           "contentType": "Graphite",
326 |           "timeZone": "UTC",
327 |           "encoding": "UTF-8",
328 |           "protocol": "TCP",
329 |           "port": 2003,
330 |           "sourceType": "Graphite"
331 |         }
332 |       ]
333 |     }
334 | 
335 | ```
336 | ## Kubernetes Service
337 | ```
338 | apiVersion: v1
339 | kind: Service
340 | metadata:
341 |   name: sumo-graphite
342 | spec:
343 |   ports:
344 |     - port: 2003
345 |   selector:
346 |     app: sumo-graphite
347 | ```
348 | ## Kubernetes Deployment
349 | ```
350 | apiVersion: extensions/v1beta1
351 | kind: Deployment
352 | metadata:
353 |   labels:
354 |     app: sumo-graphite
355 |   name: sumo-graphite
356 | spec:
357 |   replicas: 2
358 |   template:
359 |     metadata:
360 |       labels:
361 |         app: sumo-graphite
362 |     spec:
363 |       volumes:
364 |       - name: sumo-sources
365 |         configMap:
366 |           name: sumo-sources
367 |           items:
368 |           - key: sources.json
369 |             path: sources.json
370 |       containers:
371 |       - name: sumo-graphite
372 |         image: sumologic/collector:latest
373 |         ports:
374 |         - containerPort: 2003
375 |         volumeMounts:
376 |         - mountPath: /sumo
377 |           name: sumo-sources
378 |         env:
379 |         - name: SUMO_ACCESS_ID
380 |           value: <SUMO_ACCESS_ID>
381 |         - name: SUMO_ACCESS_KEY
382 |           value: <SUMO_ACCESS_KEY>
383 |         - name: SUMO_SOURCES_JSON
384 |           value: /sumo/sources.json
385 | 
386 | ```
387 | 
388 | # Templating Kubernetes metadata
389 | The following Kubernetes metadata is available for string templating:
390 |  
391 | | String template  | Description                                             |
392 | | ---------------  | ------------------------------------------------------  |                                         
393 | | `%{namespace}`   | Namespace name                                          |
394 | | `%{pod}`         | Full pod name (e.g. `travel-products-4136654265-zpovl`) | 
395 | | `%{pod_name}`    | Friendly pod name (e.g. `travel-products`)              | 
396 | | `%{pod_id}`      | The pod's uid (a UUID)                                  | 
397 | | `%{container}`   | Container name                                          |
398 | | `%{source_host}` | Host                                                    |
399 | | `%{label:foo}`   | The value of label `foo`                                | 
400 | 
401 | ## Missing labels
402 | Unlike the other templates, labels are not guaranteed to exist, so missing labels interpolate as `"undefined"`.
403 | 
404 | For example, if you have only the label `app: travel` but you define `SOURCE_NAME="%{label:app}@%{label:version}"`, the source name will appear as `travel@undefined`.
405 | 
406 | # Log data
407 | After performing the configuration described above, your logs should start streaming to SumoLogic in `json` or text format with the appropriate metadata. If you are using `json` format you can auto extract fields, for example `_sourceCategory=some/app | json auto`.
408 | 
409 | ## Docker
410 | ![Docker Logs](/screenshots/docker.png)
411 | 
412 | ## Kubelet
413 | Note that Kubelet logs are only collected if you are using systemd.  Kubernetes no longer outputs the kubelet logs to a file.
414 | ![Docker Logs](/screenshots/kubelet.png)
415 | 
416 | ## Containers
417 | ![Docker Logs](/screenshots/container.png)
418 | 
419 | # Taints and Tolerations
420 | By default, the fluentd pods will schedule on, and therefore collect logs from, any worker nodes that do not have a taint and any master node that does not have a taint beyond the default master taint. If you would like to schedule pods on all nodes, regardless of taints, uncomment the following line from fluentd.yaml before applying it.
421 | 
422 | ```
423 | tolerations:
424 |            #- operator: "Exists"
425 | ```
426 | 
427 | # Running On OpenShift
428 | 
429 | This daemonset setting mounts /var/log as service account FluentD so you need to run containers as privileged container. Here is command example:
430 | 
431 | ```
432 | oc adm policy add-scc-to-user privileged system:serviceaccount:logging:fluentd
433 | oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:fluentd
434 | oc label node —all logging-sumologic-fluentd=true
435 | oc patch ds fluentd-sumologic -p "spec:
436 |   template:
437 |     spec:
438 |       containers:
439 |       - image: sumologic/fluentd-kubernetes-sumologic:latest
440 |         name: fluentd
441 |         securityContext:
442 |           privileged: true"
443 | oc delete pod -l name = fluentd-sumologic
444 | ```
445 | 
446 | ## Running on Kubernetes versions <1.8
447 | 
448 | In order to run this plugin on Kubernetes <1.8 you will need to make some changes the yaml file prior to deploying it.
449 | 
450 | Replace:
451 | 
452 | ```
453 |       - name: pos-files
454 |         hostPath:
455 |           path: /var/run/fluentd-pos
456 |           type: ""
457 | ```
458 | With:
459 | 
460 | ```
461 |       - name: pos-files
462 |         emptyDir: {}
463 | ```
464 | 
465 | ## Output to S3
466 | 
467 | If you need to also send data to S3 (i.e. as a secondary backup/audit trail) the image includes the `fluent-plugin-s3` plugin.  In order to send the logs from FluentD to multiple outputs, you must use the `copy` plugin.  This image comes with an [OOB configuration](conf.d/out.sumo.conf) to output the logs to Sumo Logic. In order to output to multiple destinations, you need to modify that existing configuration.
468 | 
469 | **Example:** Send all logs to S3 and Sumo:
470 | 
471 | ```
472 | <match **>
473 |   @type copy
474 |   <store>
475 |     @type sumologic
476 |     log_key log
477 |     endpoint "#{ENV['COLLECTOR_URL']}"
478 |     verify_ssl "#{ENV['VERIFY_SSL']}"
479 |     log_format "#{ENV['LOG_FORMAT']}"
480 |     flush_interval "#{ENV['FLUSH_INTERVAL']}"
481 |     num_threads "#{ENV['NUM_THREADS']}"
482 |     open_timeout 60
483 |     add_timestamp "#{ENV['ADD_TIMESTAMP']}"
484 |     proxy_uri "#{ENV['PROXY_URI']}"
485 |   </store>
486 |   <store>
487 |     @type s3
488 |   
489 |     aws_key_id YOUR_AWS_KEY_ID
490 |     aws_sec_key YOUR_AWS_SECRET_KEY
491 |     s3_bucket YOUR_S3_BUCKET_NAME
492 |     s3_region us-west-1
493 |     path logs/
494 |     buffer_path /var/log/fluent/s3
495 |   
496 |     time_slice_format %Y%m%d%H
497 |     time_slice_wait 10m
498 |     utc
499 |   
500 |     buffer_chunk_limit 256m
501 |   </store>
502 | </match>
503 | ```
504 | 
505 | You can replace the OOB configuration by creating a new Docker image from our image or by using a configmap to inject the new configuration to the pod.
506 | 
507 | More details about the S3 plugin can be found [in the docs](https://docs.fluentd.org/v0.12/articles/out_s3).
508 | 
509 | ## Upgrading to v2.0.0
510 | 
511 | In version 2.0.0, some legacy FluentD configuration has been removed that could lead to [duplicate logs being ingested into Sumo Logic](https://github.com/SumoLogic/fluentd-kubernetes-sumologic/issues/79).  These logs were control plane components.  This version was done as a major release as it breaks the current version of the [Kubernetes App](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Kubernetes/Install_the_Kubernetes_App_and_View_the_Dashboards) you may have installed in Sumo Logic.
512 | 
513 | After upgrading to this version, you will need to reinstall the [Kubernetes App](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Kubernetes/Install_the_Kubernetes_App_and_View_the_Dashboards) in Sumo Logic. If you do not some of the panels in the dashboards will not render properly.
514 | 
515 | If you have other content outside the app (Partitions, Scheduled Views, Field Extraction Rules or Scheduled Searches and Alerts), these may need to be updated after upgrading to v2.0.0.  The logs, while the same content, have a different format and the same parsing logic and metadata may not apply.
516 | 
517 | The previous log format that is removed in v2.0.0:
518 | ```json
519 | {
520 |    "timestamp": 1538776281387,
521 |    "severity": "I",
522 |    "pid": "1",
523 |    "source": "wrap.go:42",
524 |    "message": "GET /api/v1/namespaces/kube-system/endpoints/kube-scheduler: (3.514372ms) 200 [[kube-scheduler/v1.10.5 (linux/amd64) kubernetes/32ac1c9/leader-election] 127.0.0.1:46290]"
525 | }
526 | ```
527 | Is replaced by the following version.  It is the same log line in a different format enriched with the same metadata the plugin applies to all pod logs.
528 | ```json
529 | {
530 |    "timestamp": 1538776282152,
531 |    "log": "I1005 21:51:21.387204       1 wrap.go:42] GET /api/v1/namespaces/kube-system/endpoints/kube-scheduler: (3.514372ms) 200 [[kube-scheduler/v1.10.5 (linux/amd64) kubernetes/32ac1c9/leader-election] 127.0.0.1:46290]",
532 |    "stream": "stdout",
533 |    "time": "2018-10-05T21:51:21.387477546Z",
534 |    "docker": {
535 |       "container_id": "a442fd2982dfdc09ab6235941f8d661a0a5c8df5e1d21f23ff48a9923ac14739"
536 |    },
537 |    "kubernetes": {
538 |       "container_name": "kube-apiserver",
539 |       "namespace_name": "kube-system",
540 |       "pod_name": "kube-apiserver-ip-172-20-122-71.us-west-2.compute.internal",
541 |       "pod_id": "80fa5e13-c8b9-11e8-a456-0a8c1424d0d4",
542 |       "labels": {
543 |          "k8s-app": "kube-apiserver"
544 |       },
545 |       "host": "ip-172-20-122-71.us-west-2.compute.internal",
546 |       "master_url": "https://100.64.0.1:443/api",
547 |       "namespace_id": "9b9b75b7-aa16-11e8-9d62-06df85b5d3bc"
548 |    }
549 | }
550 | ```
551 | 


--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
 1 | require 'bundler/gem_tasks'
 2 | require 'rake/testtask'
 3 | 
 4 | Rake::TestTask.new(:test) do |test|
 5 |   test.libs << 'test'
 6 |   test.pattern = 'test/**/test_*.rb'
 7 |   test.verbose = true
 8 |   test.warning = false
 9 | end
10 | 
11 | task :default => :test
12 | 


--------------------------------------------------------------------------------
/ci/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | echo "Starting build process in: `pwd`"
 4 | set -e
 5 | 
 6 | VERSION="${TRAVIS_TAG:-0.0.0}"
 7 | VERSION="${VERSION#v}"
 8 | : "${DOCKER_TAG:=sumologic/fluentd-kubernetes-sumologic}"
 9 | : "${DOCKER_USERNAME:=sumodocker}"
10 | PLUGIN_NAME="fluent-plugin-kubernetes_sumologic"
11 | 
12 | echo "Building for tag $VERSION, modify .gemspec file..."
13 | sed -i.bak "s/0.0.0/$VERSION/g" ./$PLUGIN_NAME.gemspec
14 | rm -f ./$PLUGIN_NAME.gemspec.bak
15 | 
16 | echo "Install bundler..."
17 | bundle install
18 | 
19 | echo "Run unit tests..."
20 | bundle exec rake
21 | 
22 | echo "Build gem $PLUGIN_NAME $VERSION..."
23 | gem build $PLUGIN_NAME
24 | 
25 | echo "Building docker image with $DOCKER_TAG:$VERSION in `pwd`..."
26 | docker build . -f ./Dockerfile -t $DOCKER_TAG:v$VERSION --no-cache
27 | if [ -z "$DOCKER_PASSWORD" ] || [ -z "$TRAVIS_TAG" ]; then
28 |     echo "Skip Docker pushing"
29 | else
30 |     echo "Pushing docker image with $DOCKER_TAG:$VERSION..."
31 |     echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
32 |     docker push $DOCKER_TAG:v$VERSION
33 | fi
34 | 
35 | rm -f ./*.gem
36 | 
37 | echo "DONE"
38 | 


--------------------------------------------------------------------------------
/daemonset/nonrbac/fluentd.yaml:
--------------------------------------------------------------------------------
   1 | apiVersion: extensions/v1beta1
   2 | kind: DaemonSet
   3 | metadata:
   4 |   name: fluentd-sumologic
   5 |   labels:
   6 |     app: fluentd-sumologic
   7 |     version: v1
   8 | spec:
   9 |   template:
  10 |     metadata:
  11 |       labels:
  12 |         name: fluentd-sumologic
  13 |     spec:
  14 |       volumes:
  15 |       - name: pos-files
  16 |         hostPath:
  17 |           path: /var/run/fluentd-pos
  18 |           type: ""
  19 |       # User data 1 mount point for Kubernetes running in OCI Container Engine for Kubernetes (OKE)
  20 |       - name: "u01"
  21 |         hostPath:
  22 |           path: /u01
  23 |       - name: host-logs
  24 |         hostPath:
  25 |           path: /var/log/
  26 |       - name: docker-logs
  27 |         hostPath:
  28 |           path: /var/lib/docker
  29 |       - name: fluentd-sumologic-config
  30 |         configMap:
  31 |           name: fluentd-sumologic-config
  32 |       containers:
  33 |       - image: sumologic/fluentd-kubernetes-sumologic:v2.4.2
  34 |         name: fluentd
  35 |         imagePullPolicy: IfNotPresent
  36 |         volumeMounts:
  37 |         - name: fluentd-sumologic-config
  38 |           mountPath: /fluentd/etc
  39 |         - name: host-logs
  40 |           mountPath: /mnt/log/
  41 |           readOnly: true
  42 |         - name: host-logs
  43 |           mountPath: /var/log/
  44 |           readOnly: true
  45 |         - name: docker-logs
  46 |           mountPath: /var/lib/docker/
  47 |           readOnly: true
  48 |         - name: "u01"
  49 |           mountPath: /u01
  50 |           readOnly: true
  51 |         - name: pos-files
  52 |           mountPath: /mnt/pos/
  53 |         env:
  54 |         - name: COLLECTOR_URL
  55 |           valueFrom:
  56 |             secretKeyRef:
  57 |               name: sumologic
  58 |               key: collector-url
  59 |         # Improve GC for memory limited envs like docker.
  60 |         - name: RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR
  61 |           value: "0.9"
  62 |       tolerations:
  63 |           - operator: "Exists"
  64 |           - effect: "NoSchedule"
  65 |             key: "node-role.kubernetes.io/master"
  66 | 
  67 | ---
  68 | apiVersion: v1
  69 | kind: ConfigMap
  70 | metadata:
  71 |   name: fluentd-sumologic-config
  72 |   labels:
  73 |     app: fluentd-sumologic
  74 | data:
  75 |   out.sumo.conf: |-
  76 |     <match **>
  77 |       @type sumologic
  78 |       log_key log
  79 |       endpoint "#{ENV['COLLECTOR_URL']}"
  80 |       verify_ssl "#{ENV['VERIFY_SSL']}"
  81 |       log_format "#{ENV['LOG_FORMAT']}"
  82 |       flush_interval "#{ENV['FLUSH_INTERVAL']}"
  83 |       num_threads "#{ENV['NUM_THREADS']}"
  84 |       open_timeout 60
  85 |       add_timestamp "#{ENV['ADD_TIMESTAMP']}"
  86 |       timestamp_key "#{ENV['TIMESTAMP_KEY']}"
  87 |       proxy_uri "#{ENV['PROXY_URI']}"
  88 |     </match>
  89 | 
  90 |   fluent.file.conf: |-
  91 |     <match fluent.**>
  92 |       @type null
  93 |     </match>
  94 | 
  95 |     <source>
  96 |       @type monitor_agent
  97 |       bind 0.0.0.0
  98 |       port 24220
  99 |     </source>
 100 | 
 101 |     @include /fluentd/etc/file.source.*.conf
 102 |     @include /fluentd/etc/user/*.conf
 103 |     @include /fluentd/etc/out.sumo.conf
 104 | 
 105 |   fluent.forward.conf: |-
 106 |     ## built-in TCP input
 107 |     ## $ echo <json> | fluent-cat <tag>
 108 |     <source>
 109 |       @type forward
 110 |       @id forward_input
 111 |       port "#{ENV['FORWARD_INPUT_PORT']}"
 112 |       bind "#{ENV['FORWARD_INPUT_BIND']}"
 113 |     </source>
 114 | 
 115 |     <source>
 116 |       @type monitor_agent
 117 |       bind 0.0.0.0
 118 |       port 24220
 119 |     </source>
 120 | 
 121 |     @include /fluentd/etc/forward.source.*.conf
 122 |     @include /fluentd/etc/user/*.conf
 123 |     @include /fluentd/etc/out.sumo.conf
 124 | 
 125 |   fluent.systemd.conf: |-
 126 |     <match fluent.**>
 127 |       @type null
 128 |     </match>
 129 | 
 130 |     <source>
 131 |       @type monitor_agent
 132 |       bind 0.0.0.0
 133 |       port 24220
 134 |     </source>
 135 | 
 136 |     @include /fluentd/etc/systemd.source.*.conf
 137 |     @include /fluentd/etc/user/*.conf
 138 |     @include /fluentd/etc/out.sumo.conf
 139 | 
 140 |   file.source.containers.conf: |-
 141 |     <source>
 142 |       @type tail
 143 |       format json
 144 |       time_key "#{ENV['TIME_KEY']}"
 145 |       path "#{ENV['CONTAINER_LOGS_PATH']}"
 146 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 147 |       pos_file /mnt/pos/ggcp-containers.log.pos
 148 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
 149 |       tag containers.*
 150 |       read_from_head "#{ENV['READ_FROM_HEAD']}"
 151 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 152 |     </source>
 153 | 
 154 |     <filter containers.**>
 155 |       @type concat
 156 |       key log
 157 |       multiline_start_regexp "#{ENV['MULTILINE_START_REGEXP']}"
 158 |       separator "#{ENV['CONCAT_SEPARATOR']}"
 159 |       timeout_label @NORMAL
 160 |     </filter>
 161 | 
 162 |     <match containers.**>
 163 |       @type relabel
 164 |       @label @NORMAL
 165 |     </match>
 166 | 
 167 |     <label @NORMAL>
 168 |       <filter containers.**>
 169 |         @type kubernetes_metadata
 170 |         @log_level warn
 171 |         annotation_match ["sumologic\.com.*"]
 172 |         de_dot false
 173 |         watch "#{ENV['K8S_METADATA_FILTER_WATCH']}"
 174 |         ca_file "#{ENV['K8S_METADATA_FILTER_CA_FILE']}"
 175 |         verify_ssl "#{ENV['K8S_METADATA_FILTER_VERIFY_SSL']}"
 176 |         client_cert "#{ENV['K8S_METADATA_FILTER_CLIENT_CERT']}"
 177 |         client_key "#{ENV['K8S_METADATA_FILTER_CLIENT_KEY']}"
 178 |         bearer_token_file "#{ENV['K8S_METADATA_FILTER_BEARER_TOKEN_FILE']}"
 179 |         cache_size "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_SIZE']}"
 180 |         cache_ttl "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_TTL']}"
 181 |         tag_to_kubernetes_name_regexp '.+?\.containers\.(?<pod_name>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$'
 182 |         merge_json_log false
 183 |       </filter>
 184 | 
 185 |       <filter containers.**>
 186 |         @type kubernetes_sumologic
 187 |         source_name "#{ENV['SOURCE_NAME']}"
 188 |         source_host "#{ENV['SOURCE_HOST']}"
 189 |         log_format "#{ENV['LOG_FORMAT']}"
 190 |         kubernetes_meta "#{ENV['KUBERNETES_META']}"
 191 |         kubernetes_meta_reduce "#{ENV['KUBERNETES_META_REDUCE']}"
 192 |         add_stream "#{ENV['ADD_STREAM']}"
 193 |         add_time "#{ENV['ADD_TIME']}"
 194 |         source_category "#{ENV['SOURCE_CATEGORY']}"
 195 |         source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 196 |         source_category_replace_dash "#{ENV['SOURCE_CATEGORY_REPLACE_DASH']}"
 197 |         exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 198 |         exclude_pod_regex "#{ENV['EXCLUDE_POD_REGEX']}"
 199 |         exclude_container_regex "#{ENV['EXCLUDE_CONTAINER_REGEX']}"
 200 |         exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 201 |       </filter>
 202 | 
 203 |       @include /fluentd/etc/out.sumo.conf
 204 |     </label>
 205 | 
 206 |   file.source.docker.conf: |-
 207 |     # Examples:
 208 |     # time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json"
 209 |     # time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404
 210 |     <source>
 211 |       @type tail
 212 |       format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
 213 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
 214 |       path /var/lib/docker.log
 215 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 216 |       pos_file /mnt/pos/ggcp-docker.log.pos
 217 |       tag docker
 218 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 219 |     </source>
 220 | 
 221 |     <filter docker.**>
 222 |       @type kubernetes_sumologic
 223 |       source_category docker
 224 |       source_name k8s_docker
 225 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 226 |     </filter>
 227 | 
 228 |   file.source.kubernetes.conf: |-
 229 |     # Example:
 230 |     # 2015-12-21 23:17:22,066 [salt.state       ][INFO    ] Completed state [net.ipv4.ip_forward] at time 23:17:22.066081
 231 |     <source>
 232 |       @type tail
 233 |       format /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/
 234 |       time_format %Y-%m-%d %H:%M:%S
 235 |       path /mnt/log/salt/minion
 236 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 237 |       pos_file /mnt/pos/ggcp-salt.pos
 238 |       tag salt
 239 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 240 |     </source>
 241 | 
 242 |     <filter salt.**>
 243 |       @type kubernetes_sumologic
 244 |       source_category salt
 245 |       source_name k8s_salt
 246 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 247 |       add_stream "#{ENV['ADD_STREAM']}"
 248 |       add_time "#{ENV['ADD_TIME']}"
 249 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 250 |     </filter>
 251 | 
 252 | 
 253 |     # Example:
 254 |     # Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
 255 |     <source>
 256 |       @type tail
 257 |       format syslog
 258 |       path /mnt/log/startupscript.log
 259 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 260 |       pos_file /mnt/pos/ggcp-startupscript.log.pos
 261 |       tag startupscript
 262 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 263 |     </source>
 264 | 
 265 |     <filter startupscript.**>
 266 |       @type kubernetes_sumologic
 267 |       source_category startupscript
 268 |       source_name k8s_startupscript
 269 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 270 |       add_stream "#{ENV['ADD_STREAM']}"
 271 |       add_time "#{ENV['ADD_TIME']}"
 272 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 273 |     </filter>
 274 | 
 275 | 
 276 |     # Multi-line parsing is required for all the kube logs because very large log
 277 |     # statements, such as those that include entire object bodies, get split into
 278 |     # multiple lines by glog.
 279 | 
 280 | 
 281 |     # Example:
 282 |     # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
 283 |     <source>
 284 |       @type tail
 285 |       format multiline
 286 |       multiline_flush_interval 5s
 287 |       format_firstline /^\w\d{4}/
 288 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
 289 |       time_format %m%d %H:%M:%S.%N
 290 |       path /mnt/log/kubelet.log
 291 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 292 |       pos_file /mnt/pos/ggcp-kubelet.log.pos
 293 |       tag kubelet
 294 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 295 |     </source>
 296 | 
 297 |     <filter kubelet.**>
 298 |       @type kubernetes_sumologic
 299 |       source_category kubelet
 300 |       source_name k8s_kubelet
 301 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 302 |       add_stream "#{ENV['ADD_STREAM']}"
 303 |       add_time "#{ENV['ADD_TIME']}"
 304 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 305 |     </filter>
 306 | 
 307 | 
 308 |     # Example
 309 |     # 2017-11-06T18:53:49.774520188Z AUDIT: id="6a8sdffd918-0b6a-4aee-a3a1-f1sdf61596" ip="172.11.23.88" method="GET" user="kubelet" groups="\"system:nodes\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="monty" uri="/api/v1/namespaces/monty/secrets/default-token-fntvb?resourceVersion=0"
 310 |     # 2017-02-09T00:15:57.993528822Z AUDIT: id="6a8sdffd918-0b6a-4aee-a3a1-f1sdf61596" response="200"
 311 |     <source>
 312 |       @type tail
 313 |       format json
 314 |       time_key timestamp
 315 |       time_format %Y-%m-%dT%H:%M:%SZ
 316 |       path "#{ENV['AUDIT_LOG_PATH']}"
 317 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 318 |       pos_file /mnt/pos/ggcp-kube-audit.log.pos
 319 |       tag kube-audit
 320 |       read_from_head "#{ENV['READ_FROM_HEAD']}"
 321 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 322 |     </source>
 323 | 
 324 |     <filter kube-audit.**>
 325 |       @type kubernetes_sumologic
 326 |       source_category kube-audit
 327 |       source_name k8s_kube-audit
 328 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 329 |       add_stream "#{ENV['ADD_STREAM']}"
 330 |       add_time "#{ENV['ADD_TIME']}"
 331 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 332 |     </filter>
 333 | 
 334 | 
 335 |     # Example:
 336 |     # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
 337 |     <source>
 338 |       @type tail
 339 |       format multiline
 340 |       multiline_flush_interval 5s
 341 |       format_firstline /^\w\d{4}/
 342 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
 343 |       time_format %m%d %H:%M:%S.%N
 344 |       path /mnt/log/glbc.log
 345 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 346 |       pos_file /mnt/pos/ggcp-glbc.log.pos
 347 |       tag glbc
 348 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 349 |     </source>
 350 | 
 351 |     <filter glbc.**>
 352 |       @type kubernetes_sumologic
 353 |       source_category glbc
 354 |       source_name k8s_glbc
 355 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 356 |       add_stream "#{ENV['ADD_STREAM']}"
 357 |       add_time "#{ENV['ADD_TIME']}"
 358 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 359 |     </filter>
 360 | 
 361 | 
 362 |     # Example:
 363 |     # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
 364 |     <source>
 365 |       @type tail
 366 |       format multiline
 367 |       multiline_flush_interval 5s
 368 |       format_firstline /^\w\d{4}/
 369 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
 370 |       time_format %m%d %H:%M:%S.%N
 371 |       path /mnt/log/cluster-autoscaler.log
 372 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 373 |       pos_file /mnt/pos/ggcp-cluster-autoscaler.log.pos
 374 |       tag cluster-autoscaler
 375 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 376 |     </source>
 377 | 
 378 |     <filter cluster-autoscaler.**>
 379 |       @type kubernetes_sumologic
 380 |       source_category cluster-autoscaler
 381 |       source_name k8s_cluster-autoscaler
 382 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 383 |       add_stream "#{ENV['ADD_STREAM']}"
 384 |       add_time "#{ENV['ADD_TIME']}"
 385 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 386 |     </filter>
 387 | 
 388 |   systemd.source.containers.conf: |-
 389 |     <source>
 390 |       @type tail
 391 |       format json
 392 |       time_key "#{ENV['TIME_KEY']}"
 393 |       path "#{ENV['CONTAINER_LOGS_PATH']}"
 394 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 395 |       pos_file /mnt/pos/ggcp-containers.log.pos
 396 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
 397 |       tag containers.*
 398 |       read_from_head "#{ENV['READ_FROM_HEAD']}"
 399 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 400 |     </source>
 401 | 
 402 |     <filter containers.**>
 403 |       @type kubernetes_metadata
 404 |       @log_level warn
 405 |       annotation_match ["sumologic\.com.*"]
 406 |       de_dot false
 407 |       watch "#{ENV['K8S_METADATA_FILTER_WATCH']}"
 408 |       ca_file "#{ENV['K8S_METADATA_FILTER_CA_FILE']}"
 409 |       verify_ssl "#{ENV['K8S_METADATA_FILTER_VERIFY_SSL']}"
 410 |       client_cert "#{ENV['K8S_METADATA_FILTER_CLIENT_CERT']}"
 411 |       client_key "#{ENV['K8S_METADATA_FILTER_CLIENT_KEY']}"
 412 |       bearer_token_file "#{ENV['K8S_METADATA_FILTER_BEARER_TOKEN_FILE']}"
 413 |       cache_size "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_SIZE']}"
 414 |       cache_ttl "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_TTL']}"
 415 |       tag_to_kubernetes_name_regexp '.+?\.containers\.(?<pod_name>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$'
 416 |       merge_json_log false
 417 |     </filter>
 418 | 
 419 |     <filter containers.**>
 420 |       @type kubernetes_sumologic
 421 |       source_name "#{ENV['SOURCE_NAME']}"
 422 |       source_host "#{ENV['SOURCE_HOST']}"
 423 |       log_format "#{ENV['LOG_FORMAT']}"
 424 |       kubernetes_meta "#{ENV['KUBERNETES_META']}"
 425 |       kubernetes_meta_reduce "#{ENV['KUBERNETES_META_REDUCE']}"
 426 |       add_stream "#{ENV['ADD_STREAM']}"
 427 |       add_time "#{ENV['ADD_TIME']}"
 428 |       source_category "#{ENV['SOURCE_CATEGORY']}"
 429 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 430 |       source_category_replace_dash "#{ENV['SOURCE_CATEGORY_REPLACE_DASH']}"
 431 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 432 |       exclude_pod_regex "#{ENV['EXCLUDE_POD_REGEX']}"
 433 |       exclude_container_regex "#{ENV['EXCLUDE_CONTAINER_REGEX']}"
 434 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 435 |     </filter>
 436 | 
 437 |   systemd.source.systemd.conf: |-
 438 | 
 439 |     <source>
 440 |       @type systemd
 441 |       path /mnt/log/journal
 442 |       filters [{"_SYSTEMD_UNIT": "addon-config.service"}]
 443 |       <storage>
 444 |         @type local
 445 |         persistent true
 446 |         path /mnt/pos/addon-config.log.pos
 447 |       </storage>
 448 |       tag addon-config
 449 |     </source>
 450 | 
 451 |     <filter addon-config.**>
 452 |       @type kubernetes_sumologic
 453 |       source_category system
 454 |       source_name addon-config
 455 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 456 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 457 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 458 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 459 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 460 |     </filter>
 461 | 
 462 |     <source>
 463 |       @type systemd
 464 |       path /mnt/log/journal
 465 |       filters [{"_SYSTEMD_UNIT": "addon-run.service"}]
 466 |       <storage>
 467 |         @type local
 468 |         persistent true
 469 |         path /mnt/pos/addon-run.log.pos
 470 |       </storage>
 471 |       tag addon-run
 472 |     </source>
 473 | 
 474 |     <filter addon-run.**>
 475 |       @type kubernetes_sumologic
 476 |       source_category system
 477 |       source_name addon-run
 478 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 479 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 480 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 481 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 482 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 483 |     </filter>
 484 | 
 485 |     <source>
 486 |       @type systemd
 487 |       path /mnt/log/journal
 488 |       filters [{"_SYSTEMD_UNIT": "cfn-etcd-environment.service"}]
 489 |       <storage>
 490 |         @type local
 491 |         persistent true
 492 |         path /mnt/pos/cfn-etcd-environment.log.pos
 493 |       </storage>
 494 |       tag cfn-etcd-environment
 495 |     </source>
 496 | 
 497 |     <filter cfn-etcd-environment.**>
 498 |       @type kubernetes_sumologic
 499 |       source_category system
 500 |       source_name cfn-etcd-environment
 501 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 502 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 503 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 504 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 505 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 506 |     </filter>
 507 | 
 508 |     <source>
 509 |       @type systemd
 510 |       path /mnt/log/journal
 511 |       filters [{"_SYSTEMD_UNIT": "cfn-signal.service"}]
 512 |       <storage>
 513 |         @type local
 514 |         persistent true
 515 |         path /mnt/pos/cfn-signal.log.pos
 516 |       </storage>
 517 |       tag cfn-signal
 518 |     </source>
 519 | 
 520 |     <filter cfn-signal.**>
 521 |       @type kubernetes_sumologic
 522 |       source_category system
 523 |       source_name cfn-signal
 524 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 525 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 526 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 527 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 528 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 529 |     </filter>
 530 | 
 531 |     <source>
 532 |       @type systemd
 533 |       path /mnt/log/journal
 534 |       filters [{"_SYSTEMD_UNIT": "clean-ca-certificates.service"}]
 535 |       <storage>
 536 |         @type local
 537 |         persistent true
 538 |         path /mnt/pos/clean-ca-certificates.log.pos
 539 |       </storage>
 540 |       tag clean-ca-certificates
 541 |     </source>
 542 | 
 543 |     <filter clean-ca-certificates.**>
 544 |       @type kubernetes_sumologic
 545 |       source_category system
 546 |       source_name clean-ca-certificates
 547 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 548 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 549 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 550 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 551 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 552 |     </filter>
 553 | 
 554 |     <source>
 555 |       @type systemd
 556 |       path /mnt/log/journal
 557 |       filters [{"_SYSTEMD_UNIT": "containerd.service"}]
 558 |       <storage>
 559 |         @type local
 560 |         persistent true
 561 |         path /mnt/pos/containerd.log.pos
 562 |       </storage>
 563 |       tag containerd
 564 |     </source>
 565 | 
 566 |     <filter containerd.**>
 567 |       @type kubernetes_sumologic
 568 |       source_category system
 569 |       source_name containerd
 570 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 571 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 572 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 573 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 574 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 575 |     </filter>
 576 | 
 577 |     <source>
 578 |       @type systemd
 579 |       path /mnt/log/journal
 580 |       filters [{"_SYSTEMD_UNIT": "coreos-metadata.service"}]
 581 |       <storage>
 582 |         @type local
 583 |         persistent true
 584 |         path /mnt/pos/coreos-metadata.log.pos
 585 |       </storage>
 586 |       tag coreos-metadata
 587 |     </source>
 588 | 
 589 |     <filter coreos-metadata.**>
 590 |       @type kubernetes_sumologic
 591 |       source_category system
 592 |       source_name coreos-metadata
 593 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 594 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 595 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 596 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 597 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 598 |     </filter>
 599 | 
 600 |     <source>
 601 |       @type systemd
 602 |       path /mnt/log/journal
 603 |       filters [{"_SYSTEMD_UNIT": "coreos-setup-environment.service"}]
 604 |       <storage>
 605 |         @type local
 606 |         persistent true
 607 |         path /mnt/pos/coreos-setup-environment.log.pos
 608 |       </storage>
 609 |       tag coreos-setup-environment
 610 |     </source>
 611 | 
 612 |     <filter coreos-setup-environment.**>
 613 |       @type kubernetes_sumologic
 614 |       source_category system
 615 |       source_name coreos-setup-environment
 616 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 617 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 618 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 619 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 620 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 621 |     </filter>
 622 | 
 623 |     <source>
 624 |       @type systemd
 625 |       path /mnt/log/journal
 626 |       filters [{"_SYSTEMD_UNIT": "coreos-tmpfiles.service"}]
 627 |       <storage>
 628 |         @type local
 629 |         persistent true
 630 |         path /mnt/pos/coreos-tmpfiles.log.pos
 631 |       </storage>
 632 |       tag coreos-tmpfiles
 633 |     </source>
 634 | 
 635 |     <filter coreos-tmpfiles.**>
 636 |       @type kubernetes_sumologic
 637 |       source_category system
 638 |       source_name coreos-tmpfiles
 639 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 640 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 641 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 642 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 643 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 644 |     </filter>
 645 | 
 646 |     <source>
 647 |       @type systemd
 648 |       path /mnt/log/journal
 649 |       filters [{"_SYSTEMD_UNIT": "dbus.service"}]
 650 |       <storage>
 651 |         @type local
 652 |         persistent true
 653 |         path /mnt/pos/dbus.log.pos
 654 |       </storage>
 655 |       tag dbus
 656 |     </source>
 657 | 
 658 |     <filter dbus.**>
 659 |       @type kubernetes_sumologic
 660 |       source_category system
 661 |       source_name dbus
 662 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 663 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 664 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 665 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 666 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 667 |     </filter>
 668 | 
 669 |     <source>
 670 |       @type systemd
 671 |       path /mnt/log/journal
 672 |       filters [{"_SYSTEMD_UNIT": "docker.service"}]
 673 |       <storage>
 674 |         @type local
 675 |         persistent true
 676 |         path /mnt/pos/docker.log.pos
 677 |       </storage>
 678 |       tag docker
 679 |     </source>
 680 | 
 681 |     <filter docker.**>
 682 |       @type kubernetes_sumologic
 683 |       source_category system
 684 |       source_name docker
 685 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 686 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 687 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 688 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 689 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 690 |     </filter>
 691 | 
 692 |     <source>
 693 |       @type systemd
 694 |       path /mnt/log/journal
 695 |       filters [{"_SYSTEMD_UNIT": "efs.service"}]
 696 |       <storage>
 697 |         @type local
 698 |         persistent true
 699 |         path /mnt/pos/efs.log.pos
 700 |       </storage>
 701 |       tag efs
 702 |     </source>
 703 | 
 704 |     <filter efs.**>
 705 |       @type kubernetes_sumologic
 706 |       source_category system
 707 |       source_name efs
 708 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 709 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 710 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 711 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 712 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 713 |     </filter>
 714 | 
 715 |     <source>
 716 |       @type systemd
 717 |       path /mnt/log/journal
 718 |       filters [{"_SYSTEMD_UNIT": "etcd-member.service"}]
 719 |       <storage>
 720 |         @type local
 721 |         persistent true
 722 |         path /mnt/pos/etcd-member.log.pos
 723 |       </storage>
 724 |       tag etcd-member
 725 |     </source>
 726 | 
 727 |     <filter etcd-member.**>
 728 |       @type kubernetes_sumologic
 729 |       source_category system
 730 |       source_name etcd-member
 731 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 732 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 733 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 734 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 735 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 736 |     </filter>
 737 | 
 738 |     <source>
 739 |       @type systemd
 740 |       path /mnt/log/journal
 741 |       filters [{"_SYSTEMD_UNIT": "etcd.service"}]
 742 |       <storage>
 743 |         @type local
 744 |         persistent true
 745 |         path /mnt/pos/etcd.log.pos
 746 |       </storage>
 747 |       tag etcd
 748 |     </source>
 749 | 
 750 |     <filter etcd.**>
 751 |       @type kubernetes_sumologic
 752 |       source_category system
 753 |       source_name etcd
 754 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 755 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 756 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 757 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 758 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 759 |     </filter>
 760 | 
 761 |     <source>
 762 |       @type systemd
 763 |       path /mnt/log/journal
 764 |       filters [{"_SYSTEMD_UNIT": "etcd2.service"}]
 765 |       <storage>
 766 |         @type local
 767 |         persistent true
 768 |         path /mnt/pos/etcd2.log.pos
 769 |       </storage>
 770 |       tag etcd2
 771 |     </source>
 772 | 
 773 |     <filter etcd2.**>
 774 |       @type kubernetes_sumologic
 775 |       source_category system
 776 |       source_name etcd2
 777 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 778 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 779 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 780 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 781 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 782 |     </filter>
 783 | 
 784 |     <source>
 785 |       @type systemd
 786 |       path /mnt/log/journal
 787 |       filters [{"_SYSTEMD_UNIT": "etcd3.service"}]
 788 |       <storage>
 789 |         @type local
 790 |         persistent true
 791 |         path /mnt/pos/etcd3.log.pos
 792 |       </storage>
 793 |       tag etcd3
 794 |     </source>
 795 | 
 796 |     <filter etcd3.**>
 797 |       @type kubernetes_sumologic
 798 |       source_category system
 799 |       source_name etcd3
 800 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 801 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 802 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 803 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 804 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 805 |     </filter>
 806 | 
 807 |     <source>
 808 |       @type systemd
 809 |       path /mnt/log/journal
 810 |       filters [{"_SYSTEMD_UNIT": "etcdadm-check.service"}]
 811 |       <storage>
 812 |         @type local
 813 |         persistent true
 814 |         path /mnt/pos/etcdadm-check.log.pos
 815 |       </storage>
 816 |       tag etcdadm-check
 817 |     </source>
 818 | 
 819 |     <filter etcdadm-check.**>
 820 |       @type kubernetes_sumologic
 821 |       source_category system
 822 |       source_name etcdadm-check
 823 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 824 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 825 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 826 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 827 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 828 |     </filter>
 829 | 
 830 |     <source>
 831 |       @type systemd
 832 |       path /mnt/log/journal
 833 |       filters [{"_SYSTEMD_UNIT": "etcdadm-reconfigure.service"}]
 834 |       <storage>
 835 |         @type local
 836 |         persistent true
 837 |         path /mnt/pos/etcdadm-reconfigure.log.pos
 838 |       </storage>
 839 |       tag etcdadm-reconfigure
 840 |     </source>
 841 | 
 842 |     <filter etcdadm-reconfigure.**>
 843 |       @type kubernetes_sumologic
 844 |       source_category system
 845 |       source_name etcdadm-reconfigure
 846 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 847 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 848 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 849 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 850 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 851 |     </filter>
 852 | 
 853 |     <source>
 854 |       @type systemd
 855 |       path /mnt/log/journal
 856 |       filters [{"_SYSTEMD_UNIT": "etcdadm-save.service"}]
 857 |       <storage>
 858 |         @type local
 859 |         persistent true
 860 |         path /mnt/pos/etcdadm-save.log.pos
 861 |       </storage>
 862 |       tag etcdadm-save
 863 |     </source>
 864 | 
 865 |     <filter etcdadm-save.**>
 866 |       @type kubernetes_sumologic
 867 |       source_category system
 868 |       source_name etcdadm-save
 869 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 870 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 871 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 872 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 873 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 874 |     </filter>
 875 | 
 876 |     <source>
 877 |       @type systemd
 878 |       path /mnt/log/journal
 879 |       filters [{"_SYSTEMD_UNIT": "etcdadm-update-status.service"}]
 880 |       <storage>
 881 |         @type local
 882 |         persistent true
 883 |         path /mnt/pos/etcdadm-update-status.log.pos
 884 |       </storage>
 885 |       tag etcdadm-update-status
 886 |     </source>
 887 | 
 888 |     <filter etcdadm-update-status.**>
 889 |       @type kubernetes_sumologic
 890 |       source_category system
 891 |       source_name etcdadm-update-status
 892 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 893 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 894 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 895 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 896 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 897 |     </filter>
 898 | 
 899 |     <source>
 900 |       @type systemd
 901 |       path /mnt/log/journal
 902 |       filters [{"_SYSTEMD_UNIT": "flanneld.service"}]
 903 |       <storage>
 904 |         @type local
 905 |         persistent true
 906 |         path /mnt/pos/flanneld.log.pos
 907 |       </storage>
 908 |       tag flanneld
 909 |     </source>
 910 | 
 911 |     <filter flanneld.**>
 912 |       @type kubernetes_sumologic
 913 |       source_category system
 914 |       source_name flanneld
 915 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 916 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 917 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 918 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 919 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 920 |     </filter>
 921 | 
 922 |     <source>
 923 |       @type systemd
 924 |       path /mnt/log/journal
 925 |       filters [{"_SYSTEMD_UNIT": "format-etcd2-volume.service"}]
 926 |       <storage>
 927 |         @type local
 928 |         persistent true
 929 |         path /mnt/pos/format-etcd2-volume.log.pos
 930 |       </storage>
 931 |       tag format-etcd2-volume
 932 |     </source>
 933 | 
 934 |     <filter format-etcd2-volume.**>
 935 |       @type kubernetes_sumologic
 936 |       source_category system
 937 |       source_name format-etcd2-volume
 938 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 939 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 940 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 941 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 942 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 943 |     </filter>
 944 | 
 945 |     <source>
 946 |       @type systemd
 947 |       path /mnt/log/journal
 948 |       filters [{"_SYSTEMD_UNIT": "kube-node-taint-and-uncordon.service"}]
 949 |       <storage>
 950 |         @type local
 951 |         persistent true
 952 |         path /mnt/pos/kube-node-taint-and-uncordon.log.pos
 953 |       </storage>
 954 |       tag kube-node-taint-and-uncordon
 955 |     </source>
 956 | 
 957 |     <filter kube-node-taint-and-uncordon.**>
 958 |       @type kubernetes_sumologic
 959 |       source_category system
 960 |       source_name kube-node-taint-and-uncordon
 961 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 962 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 963 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 964 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 965 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 966 |     </filter>
 967 | 
 968 |     # Multi-line parsing is required for all the kube logs because very large log
 969 |     # statements, such as those that include entire object bodies, get split into
 970 |     # multiple lines by glog.
 971 | 
 972 |     # Example:
 973 |     # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
 974 |     <source>
 975 |       @type systemd
 976 |       path /mnt/log/journal
 977 |       filters [{"_SYSTEMD_UNIT": "kubelet.service"}]
 978 |       <storage>
 979 |         @type local
 980 |         persistent true
 981 |         path /mnt/pos/kubelet.log.pos
 982 |       </storage>
 983 |       tag kubelet
 984 |     </source>
 985 | 
 986 |     <filter kubelet.**>
 987 |       @type kubernetes_sumologic
 988 |       source_category kubelet
 989 |       source_name k8s_kubelet
 990 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 991 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 992 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 993 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 994 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 995 |     </filter>
 996 | 
 997 |     <source>
 998 |       @type systemd
 999 |       path /mnt/log/journal
1000 |       filters [{"_SYSTEMD_UNIT": "ldconfig.service"}]
1001 |       <storage>
1002 |         @type local
1003 |         persistent true
1004 |         path /mnt/pos/ldconfig.log.pos
1005 |       </storage>
1006 |       tag ldconfig
1007 |     </source>
1008 | 
1009 |     <filter ldconfig.**>
1010 |       @type kubernetes_sumologic
1011 |       source_category system
1012 |       source_name ldconfig
1013 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1014 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1015 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1016 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1017 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1018 |     </filter>
1019 | 
1020 |     <source>
1021 |       @type systemd
1022 |       path /mnt/log/journal
1023 |       filters [{"_SYSTEMD_UNIT": "locksmithd.service"}]
1024 |       <storage>
1025 |         @type local
1026 |         persistent true
1027 |         path /mnt/pos/locksmithd.log.pos
1028 |       </storage>
1029 |       tag locksmithd
1030 |     </source>
1031 | 
1032 |     <filter locksmithd.**>
1033 |       @type kubernetes_sumologic
1034 |       source_category system
1035 |       source_name locksmithd
1036 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1037 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1038 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1039 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1040 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1041 |     </filter>
1042 | 
1043 |     <source>
1044 |       @type systemd
1045 |       path /mnt/log/journal
1046 |       filters [{"_SYSTEMD_UNIT": "logrotate.service"}]
1047 |       <storage>
1048 |         @type local
1049 |         persistent true
1050 |         path /mnt/pos/logrotate.log.pos
1051 |       </storage>
1052 |       tag logrotate
1053 |     </source>
1054 | 
1055 |     <filter logrotate.**>
1056 |       @type kubernetes_sumologic
1057 |       source_category system
1058 |       source_name logrotate
1059 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1060 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1061 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1062 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1063 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1064 |     </filter>
1065 | 
1066 |     <source>
1067 |       @type systemd
1068 |       path /mnt/log/journal
1069 |       filters [{"_SYSTEMD_UNIT": "lvm2-monitor.service"}]
1070 |       <storage>
1071 |         @type local
1072 |         persistent true
1073 |         path /mnt/pos/lvm2-monitor.log.pos
1074 |       </storage>
1075 |       tag lvm2-monitor
1076 |     </source>
1077 | 
1078 |     <filter lvm2-monitor.**>
1079 |       @type kubernetes_sumologic
1080 |       source_category system
1081 |       source_name lvm2-monitor
1082 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1083 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1084 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1085 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1086 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1087 |     </filter>
1088 | 
1089 |     <source>
1090 |       @type systemd
1091 |       path /mnt/log/journal
1092 |       filters [{"_SYSTEMD_UNIT": "mdmon.service"}]
1093 |       <storage>
1094 |         @type local
1095 |         persistent true
1096 |         path /mnt/pos/mdmon.log.pos
1097 |       </storage>
1098 |       tag mdmon
1099 |     </source>
1100 | 
1101 |     <filter mdmon.**>
1102 |       @type kubernetes_sumologic
1103 |       source_category system
1104 |       source_name mdmon
1105 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1106 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1107 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1108 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1109 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1110 |     </filter>
1111 | 
1112 |     <source>
1113 |       @type systemd
1114 |       path /mnt/log/journal
1115 |       filters [{"_SYSTEMD_UNIT": "nfs-idmapd.service"}]
1116 |       <storage>
1117 |         @type local
1118 |         persistent true
1119 |         path /mnt/pos/nfs-idmapd.log.pos
1120 |       </storage>
1121 |       tag nfs-idmapd
1122 |     </source>
1123 | 
1124 |     <filter nfs-idmapd.**>
1125 |       @type kubernetes_sumologic
1126 |       source_category system
1127 |       source_name nfs-idmapd
1128 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1129 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1130 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1131 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1132 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1133 |     </filter>
1134 | 
1135 |     <source>
1136 |       @type systemd
1137 |       path /mnt/log/journal
1138 |       filters [{"_SYSTEMD_UNIT": "nfs-mountd.service"}]
1139 |       <storage>
1140 |         @type local
1141 |         persistent true
1142 |         path /mnt/pos/nfs-mountd.log.pos
1143 |       </storage>
1144 |       tag nfs-mountd
1145 |     </source>
1146 | 
1147 |     <filter nfs-mountd.**>
1148 |       @type kubernetes_sumologic
1149 |       source_category system
1150 |       source_name nfs-mountd
1151 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1152 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1153 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1154 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1155 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1156 |     </filter>
1157 | 
1158 |     <source>
1159 |       @type systemd
1160 |       path /mnt/log/journal
1161 |       filters [{"_SYSTEMD_UNIT": "nfs-server.service"}]
1162 |       <storage>
1163 |         @type local
1164 |         persistent true
1165 |         path /mnt/pos/nfs-server.log.pos
1166 |       </storage>
1167 |       tag nfs-server
1168 |     </source>
1169 | 
1170 |     <filter nfs-server.**>
1171 |       @type kubernetes_sumologic
1172 |       source_category system
1173 |       source_name nfs-server
1174 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1175 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1176 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1177 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1178 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1179 |     </filter>
1180 | 
1181 |     <source>
1182 |       @type systemd
1183 |       path /mnt/log/journal
1184 |       filters [{"_SYSTEMD_UNIT": "nfs-utils.service"}]
1185 |       <storage>
1186 |         @type local
1187 |         persistent true
1188 |         path /mnt/pos/nfs-utils.log.pos
1189 |       </storage>
1190 |       tag nfs-utils
1191 |     </source>
1192 | 
1193 |     <filter nfs-utils.**>
1194 |       @type kubernetes_sumologic
1195 |       source_category system
1196 |       source_name nfs-utils
1197 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1198 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1199 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1200 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1201 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1202 |     </filter>
1203 | 
1204 |     <source>
1205 |       @type systemd
1206 |       path /mnt/log/journal
1207 |       filters [{"_SYSTEMD_UNIT": "oem-cloudinit.service"}]
1208 |       <storage>
1209 |         @type local
1210 |         persistent true
1211 |         path /mnt/pos/oem-cloudinit.log.pos
1212 |       </storage>
1213 |       tag oem-cloudinit
1214 |     </source>
1215 | 
1216 |     <filter oem-cloudinit.**>
1217 |       @type kubernetes_sumologic
1218 |       source_category system
1219 |       source_name oem-cloudinit
1220 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1221 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1222 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1223 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1224 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1225 |     </filter>
1226 | 
1227 |     <source>
1228 |       @type systemd
1229 |       path /mnt/log/journal
1230 |       filters [{"_SYSTEMD_UNIT": "rkt-gc.service"}]
1231 |       <storage>
1232 |         @type local
1233 |         persistent true
1234 |         path /mnt/pos/rkt-gc.log.pos
1235 |       </storage>
1236 |       tag rkt-gc
1237 |     </source>
1238 | 
1239 |     <filter rkt-gc.**>
1240 |       @type kubernetes_sumologic
1241 |       source_category system
1242 |       source_name rkt-gc
1243 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1244 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1245 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1246 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1247 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1248 |     </filter>
1249 | 
1250 |     <source>
1251 |       @type systemd
1252 |       path /mnt/log/journal
1253 |       filters [{"_SYSTEMD_UNIT": "rkt-metadata.service"}]
1254 |       <storage>
1255 |         @type local
1256 |         persistent true
1257 |         path /mnt/pos/rkt-metadata.log.pos
1258 |       </storage>
1259 |       tag rkt-metadata
1260 |     </source>
1261 | 
1262 |     <filter rkt-metadata.**>
1263 |       @type kubernetes_sumologic
1264 |       source_category system
1265 |       source_name rkt-metadata
1266 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1267 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1268 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1269 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1270 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1271 |     </filter>
1272 | 
1273 |     <source>
1274 |       @type systemd
1275 |       path /mnt/log/journal
1276 |       filters [{"_SYSTEMD_UNIT": "rpc-idmapd.service"}]
1277 |       <storage>
1278 |         @type local
1279 |         persistent true
1280 |         path /mnt/pos/rpc-idmapd.log.pos
1281 |       </storage>
1282 |       tag rpc-idmapd
1283 |     </source>
1284 | 
1285 |     <filter rpc-idmapd.**>
1286 |       @type kubernetes_sumologic
1287 |       source_category system
1288 |       source_name rpc-idmapd
1289 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1290 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1291 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1292 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1293 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1294 |     </filter>
1295 | 
1296 |     <source>
1297 |       @type systemd
1298 |       path /mnt/log/journal
1299 |       filters [{"_SYSTEMD_UNIT": "rpc-mountd.service"}]
1300 |       <storage>
1301 |         @type local
1302 |         persistent true
1303 |         path /mnt/pos/rpc-mountd.log.pos
1304 |       </storage>
1305 |       tag rpc-mountd
1306 |     </source>
1307 | 
1308 |     <filter rpc-mountd.**>
1309 |       @type kubernetes_sumologic
1310 |       source_category system
1311 |       source_name rpc-mountd
1312 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1313 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1314 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1315 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1316 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1317 |     </filter>
1318 | 
1319 |     <source>
1320 |       @type systemd
1321 |       path /mnt/log/journal
1322 |       filters [{"_SYSTEMD_UNIT": "rpc-statd.service"}]
1323 |       <storage>
1324 |         @type local
1325 |         persistent true
1326 |         path /mnt/pos/rpc-statd.log.pos
1327 |       </storage>
1328 |       tag rpc-statd
1329 |     </source>
1330 | 
1331 |     <filter rpc-statd.**>
1332 |       @type kubernetes_sumologic
1333 |       source_category system
1334 |       source_name rpc-statd
1335 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1336 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1337 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1338 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1339 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1340 |     </filter>
1341 | 
1342 |     <source>
1343 |       @type systemd
1344 |       path /mnt/log/journal
1345 |       filters [{"_SYSTEMD_UNIT": "rpcbind.service"}]
1346 |       <storage>
1347 |         @type local
1348 |         persistent true
1349 |         path /mnt/pos/rpcbind.log.pos
1350 |       </storage>
1351 |       tag rpcbind
1352 |     </source>
1353 | 
1354 |     <filter rpcbind.**>
1355 |       @type kubernetes_sumologic
1356 |       source_category system
1357 |       source_name rpcbind
1358 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1359 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1360 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1361 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1362 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1363 |     </filter>
1364 | 
1365 |     <source>
1366 |       @type systemd
1367 |       path /mnt/log/journal
1368 |       filters [{"_SYSTEMD_UNIT": "set-aws-environment.service"}]
1369 |       <storage>
1370 |         @type local
1371 |         persistent true
1372 |         path /mnt/pos/set-aws-environment.log.pos
1373 |       </storage>
1374 |       tag set-aws-environment
1375 |     </source>
1376 | 
1377 |     <filter set-aws-environment.**>
1378 |       @type kubernetes_sumologic
1379 |       source_category system
1380 |       source_name set-aws-environment
1381 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1382 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1383 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1384 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1385 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1386 |     </filter>
1387 | 
1388 |     <source>
1389 |       @type systemd
1390 |       path /mnt/log/journal
1391 |       filters [{"_SYSTEMD_UNIT": "system-cloudinit.service"}]
1392 |       <storage>
1393 |         @type local
1394 |         persistent true
1395 |         path /mnt/pos/system-cloudinit.log.pos
1396 |       </storage>
1397 |       tag system-cloudinit
1398 |     </source>
1399 | 
1400 |     <filter system-cloudinit.**>
1401 |       @type kubernetes_sumologic
1402 |       source_category system
1403 |       source_name system-cloudinit
1404 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1405 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1406 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1407 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1408 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1409 |     </filter>
1410 | 
1411 |     <source>
1412 |       @type systemd
1413 |       path /mnt/log/journal
1414 |       filters [{"_SYSTEMD_UNIT": "update-ca-certificates.service"}]
1415 |       <storage>
1416 |         @type local
1417 |         persistent true
1418 |         path /mnt/pos/update-ca-certificates.log.pos
1419 |       </storage>
1420 |       tag update-ca-certificates
1421 |     </source>
1422 | 
1423 |     <filter update-ca-certificates.**>
1424 |       @type kubernetes_sumologic
1425 |       source_category system
1426 |       source_name update-ca-certificates
1427 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1428 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1429 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1430 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1431 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1432 |     </filter>
1433 | 
1434 |     <source>
1435 |       @type systemd
1436 |       path /mnt/log/journal
1437 |       filters [{"_SYSTEMD_UNIT": "user-cloudinit.service"}]
1438 |       <storage>
1439 |         @type local
1440 |         persistent true
1441 |         path /mnt/pos/user-cloudinit.log.pos
1442 |       </storage>
1443 |       tag user-cloudinit
1444 |     </source>
1445 | 
1446 |     <filter user-cloudinit.**>
1447 |       @type kubernetes_sumologic
1448 |       source_category system
1449 |       source_name user-cloudinit
1450 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1451 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1452 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1453 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1454 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1455 |     </filter>
1456 | 
1457 |     <source>
1458 |       @type systemd
1459 |       path /mnt/log/journal
1460 |       filters [{"_SYSTEMD_UNIT": "var-lib-etcd2.service"}]
1461 |       <storage>
1462 |         @type local
1463 |         persistent true
1464 |         path /mnt/pos/var-lib-etcd2.log.pos
1465 |       </storage>
1466 |       tag var-lib-etcd2
1467 |     </source>
1468 | 
1469 |     <filter var-lib-etcd2.**>
1470 |       @type kubernetes_sumologic
1471 |       source_category system
1472 |       source_name var-lib-etcd2
1473 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1474 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1475 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1476 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1477 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1478 |     </filter>
1479 | 
1480 |     <source>
1481 |       @type systemd
1482 |       path /mnt/log/journal
1483 |       filters [{"_SYSTEMD_UNIT": "ntp.service"}]
1484 |       <storage>
1485 |         @type local
1486 |         persistent true
1487 |         path /mnt/pos/ntp.log.pos
1488 |       </storage>
1489 |       tag ntp
1490 |     </source>
1491 | 
1492 |     <filter ntp.**>
1493 |       @type kubernetes_sumologic
1494 |       source_category system
1495 |       source_name ntp
1496 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1497 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1498 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1499 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1500 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1501 |     </filter>
1502 | 
1503 |     <source>
1504 |       @type systemd
1505 |       path /mnt/log/journal
1506 |       filters [{"_SYSTEMD_UNIT": "systemd-timesyncd.service"}]
1507 |       <storage>
1508 |         @type local
1509 |         persistent true
1510 |         path /mnt/pos/systemd-timesyncd.log.pos
1511 |       </storage>
1512 |       tag systemd-timesyncd
1513 |     </source>
1514 | 
1515 |     <filter systemd-timesyncd.**>
1516 |       @type kubernetes_sumologic
1517 |       source_category system
1518 |       source_name systemd-timesyncd
1519 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1520 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1521 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1522 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1523 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1524 |     </filter>


--------------------------------------------------------------------------------
/daemonset/rbac/fluentd.yaml:
--------------------------------------------------------------------------------
   1 | ---
   2 | apiVersion: v1
   3 | kind: ServiceAccount
   4 | metadata:
   5 |   name: fluentd
   6 | 
   7 | ---
   8 | apiVersion: rbac.authorization.k8s.io/v1beta1
   9 | kind: ClusterRole
  10 | metadata:
  11 |   name: fluentd
  12 | rules:
  13 | - apiGroups:
  14 |   - ""
  15 |   resources:
  16 |   - namespaces
  17 |   - pods
  18 |   verbs:
  19 |   - get
  20 |   - list
  21 |   - watch
  22 | 
  23 | ---
  24 | kind: ClusterRoleBinding
  25 | apiVersion: rbac.authorization.k8s.io/v1beta1
  26 | metadata:
  27 |   name: fluentd
  28 | roleRef:
  29 |   kind: ClusterRole
  30 |   name: fluentd
  31 |   apiGroup: rbac.authorization.k8s.io
  32 | subjects:
  33 | - kind: ServiceAccount
  34 |   name: fluentd
  35 |   # This namespace setting will limit fluentd to watching/listing/getting pods in the default namespace. If you want it to be able to log your kube-system namespace as well, comment the line out.
  36 |   namespace: default
  37 | 
  38 | --- 
  39 | apiVersion: extensions/v1beta1
  40 | kind: DaemonSet
  41 | metadata:
  42 |   name: fluentd-sumologic
  43 |   labels:
  44 |     app: fluentd-sumologic
  45 |     version: v1
  46 | spec:
  47 |   template:
  48 |     metadata:
  49 |       labels:
  50 |         name: fluentd-sumologic
  51 |     spec:
  52 |       serviceAccountName: fluentd
  53 |       volumes:
  54 |       - name: pos-files
  55 |         hostPath:
  56 |           path: /var/run/fluentd-pos
  57 |           type: ""
  58 |       - name: host-logs
  59 |         hostPath:
  60 |           path: /var/log/
  61 |       - name: docker-logs
  62 |         hostPath:
  63 |           path: /var/lib/docker
  64 |       - name: fluentd-sumologic-config
  65 |         configMap:
  66 |           name: fluentd-sumologic-config
  67 |       containers:
  68 |       - image: sumologic/fluentd-kubernetes-sumologic:v2.4.2
  69 |         name: fluentd
  70 |         imagePullPolicy: IfNotPresent
  71 |         volumeMounts:
  72 |         - name: fluentd-sumologic-config
  73 |           mountPath: /fluentd/etc
  74 |         - name: host-logs
  75 |           mountPath: /mnt/log/
  76 |           readOnly: true
  77 |         - name: host-logs
  78 |           mountPath: /var/log/
  79 |           readOnly: true
  80 |         - name: docker-logs
  81 |           mountPath: /var/lib/docker/
  82 |           readOnly: true
  83 |         - name: pos-files
  84 |           mountPath: /mnt/pos/
  85 |         env:
  86 |         - name: COLLECTOR_URL
  87 |           valueFrom:
  88 |             secretKeyRef:
  89 |               name: sumologic
  90 |               key: collector-url
  91 |         # Improve GC for memory limited envs like docker.
  92 |         - name: RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR
  93 |           value: "0.9"
  94 |       tolerations:
  95 |           #- operator: "Exists"
  96 |           - effect: "NoSchedule"
  97 |             key: "node-role.kubernetes.io/master"
  98 | 
  99 | ---
 100 | apiVersion: v1
 101 | kind: ConfigMap
 102 | metadata:
 103 |   name: fluentd-sumologic-config
 104 |   labels:
 105 |     app: fluentd-sumologic
 106 | data:
 107 |   out.sumo.conf: |-
 108 |     <match **>
 109 |       @type sumologic
 110 |       log_key log
 111 |       endpoint "#{ENV['COLLECTOR_URL']}"
 112 |       verify_ssl "#{ENV['VERIFY_SSL']}"
 113 |       log_format "#{ENV['LOG_FORMAT']}"
 114 |       flush_interval "#{ENV['FLUSH_INTERVAL']}"
 115 |       num_threads "#{ENV['NUM_THREADS']}"
 116 |       open_timeout 60
 117 |       add_timestamp "#{ENV['ADD_TIMESTAMP']}"
 118 |       timestamp_key "#{ENV['TIMESTAMP_KEY']}"
 119 |       proxy_uri "#{ENV['PROXY_URI']}"
 120 |     </match>
 121 | 
 122 |   fluent.file.conf: |-
 123 |     <match fluent.**>
 124 |       @type null
 125 |     </match>
 126 | 
 127 |     <source>
 128 |       @type monitor_agent
 129 |       bind 0.0.0.0
 130 |       port 24220
 131 |     </source>
 132 | 
 133 |     @include /fluentd/etc/file.source.*.conf
 134 |     @include /fluentd/etc/user/*.conf
 135 |     @include /fluentd/etc/out.sumo.conf
 136 | 
 137 |   fluent.forward.conf: |-
 138 |     ## built-in TCP input
 139 |     ## $ echo <json> | fluent-cat <tag>
 140 |     <source>
 141 |       @type forward
 142 |       @id forward_input
 143 |       port "#{ENV['FORWARD_INPUT_PORT']}"
 144 |       bind "#{ENV['FORWARD_INPUT_BIND']}"
 145 |     </source>
 146 | 
 147 |     <source>
 148 |       @type monitor_agent
 149 |       bind 0.0.0.0
 150 |       port 24220
 151 |     </source>
 152 | 
 153 |     @include /fluentd/etc/forward.source.*.conf
 154 |     @include /fluentd/etc/user/*.conf
 155 |     @include /fluentd/etc/out.sumo.conf
 156 | 
 157 |   fluent.systemd.conf: |-
 158 |     <match fluent.**>
 159 |       @type null
 160 |     </match>
 161 | 
 162 |     <source>
 163 |       @type monitor_agent
 164 |       bind 0.0.0.0
 165 |       port 24220
 166 |     </source>
 167 | 
 168 |     @include /fluentd/etc/systemd.source.*.conf
 169 |     @include /fluentd/etc/user/*.conf
 170 |     @include /fluentd/etc/out.sumo.conf
 171 | 
 172 |   file.source.containers.conf: |-
 173 |     <source>
 174 |       @type tail
 175 |       format json
 176 |       time_key "#{ENV['TIME_KEY']}"
 177 |       path "#{ENV['CONTAINER_LOGS_PATH']}"
 178 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 179 |       pos_file /mnt/pos/ggcp-containers.log.pos
 180 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
 181 |       tag containers.*
 182 |       read_from_head "#{ENV['READ_FROM_HEAD']}"
 183 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 184 |     </source>
 185 | 
 186 |     <filter containers.**>
 187 |       @type concat
 188 |       key log
 189 |       multiline_start_regexp "#{ENV['MULTILINE_START_REGEXP']}"
 190 |       separator "#{ENV['CONCAT_SEPARATOR']}"
 191 |       timeout_label @NORMAL
 192 |     </filter>
 193 | 
 194 |     <match containers.**>
 195 |       @type relabel
 196 |       @label @NORMAL
 197 |     </match>
 198 | 
 199 |     <label @NORMAL>
 200 |       <filter containers.**>
 201 |         @type kubernetes_metadata
 202 |         @log_level warn
 203 |         annotation_match ["sumologic\.com.*"]
 204 |         de_dot false
 205 |         watch "#{ENV['K8S_METADATA_FILTER_WATCH']}"
 206 |         ca_file "#{ENV['K8S_METADATA_FILTER_CA_FILE']}"
 207 |         verify_ssl "#{ENV['K8S_METADATA_FILTER_VERIFY_SSL']}"
 208 |         client_cert "#{ENV['K8S_METADATA_FILTER_CLIENT_CERT']}"
 209 |         client_key "#{ENV['K8S_METADATA_FILTER_CLIENT_KEY']}"
 210 |         bearer_token_file "#{ENV['K8S_METADATA_FILTER_BEARER_TOKEN_FILE']}"
 211 |         cache_size "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_SIZE']}"
 212 |         cache_ttl "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_TTL']}"
 213 |         tag_to_kubernetes_name_regexp '.+?\.containers\.(?<pod_name>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$'
 214 |         merge_json_log false
 215 |       </filter>
 216 | 
 217 |       <filter containers.**>
 218 |         @type kubernetes_sumologic
 219 |         source_name "#{ENV['SOURCE_NAME']}"
 220 |         source_host "#{ENV['SOURCE_HOST']}"
 221 |         log_format "#{ENV['LOG_FORMAT']}"
 222 |         kubernetes_meta "#{ENV['KUBERNETES_META']}"
 223 |         kubernetes_meta_reduce "#{ENV['KUBERNETES_META_REDUCE']}"
 224 |         add_stream "#{ENV['ADD_STREAM']}"
 225 |         add_time "#{ENV['ADD_TIME']}"
 226 |         source_category "#{ENV['SOURCE_CATEGORY']}"
 227 |         source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 228 |         source_category_replace_dash "#{ENV['SOURCE_CATEGORY_REPLACE_DASH']}"
 229 |         exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 230 |         exclude_pod_regex "#{ENV['EXCLUDE_POD_REGEX']}"
 231 |         exclude_container_regex "#{ENV['EXCLUDE_CONTAINER_REGEX']}"
 232 |         exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 233 |       </filter>
 234 | 
 235 |       @include /fluentd/etc/out.sumo.conf
 236 |     </label>
 237 | 
 238 |   file.source.docker.conf: |-
 239 |     # Examples:
 240 |     # time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json"
 241 |     # time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404
 242 |     <source>
 243 |       @type tail
 244 |       format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
 245 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
 246 |       path /var/lib/docker.log
 247 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 248 |       pos_file /mnt/pos/ggcp-docker.log.pos
 249 |       tag docker
 250 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 251 |     </source>
 252 | 
 253 |     <filter docker.**>
 254 |       @type kubernetes_sumologic
 255 |       source_category docker
 256 |       source_name k8s_docker
 257 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 258 |     </filter>
 259 | 
 260 |   file.source.kubernetes.conf: |-
 261 |     # Example:
 262 |     # 2015-12-21 23:17:22,066 [salt.state       ][INFO    ] Completed state [net.ipv4.ip_forward] at time 23:17:22.066081
 263 |     <source>
 264 |       @type tail
 265 |       format /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/
 266 |       time_format %Y-%m-%d %H:%M:%S
 267 |       path /mnt/log/salt/minion
 268 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 269 |       pos_file /mnt/pos/ggcp-salt.pos
 270 |       tag salt
 271 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 272 |     </source>
 273 | 
 274 |     <filter salt.**>
 275 |       @type kubernetes_sumologic
 276 |       source_category salt
 277 |       source_name k8s_salt
 278 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 279 |       add_stream "#{ENV['ADD_STREAM']}"
 280 |       add_time "#{ENV['ADD_TIME']}"
 281 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 282 |     </filter>
 283 | 
 284 | 
 285 |     # Example:
 286 |     # Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
 287 |     <source>
 288 |       @type tail
 289 |       format syslog
 290 |       path /mnt/log/startupscript.log
 291 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 292 |       pos_file /mnt/pos/ggcp-startupscript.log.pos
 293 |       tag startupscript
 294 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 295 |     </source>
 296 | 
 297 |     <filter startupscript.**>
 298 |       @type kubernetes_sumologic
 299 |       source_category startupscript
 300 |       source_name k8s_startupscript
 301 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 302 |       add_stream "#{ENV['ADD_STREAM']}"
 303 |       add_time "#{ENV['ADD_TIME']}"
 304 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 305 |     </filter>
 306 | 
 307 | 
 308 |     # Multi-line parsing is required for all the kube logs because very large log
 309 |     # statements, such as those that include entire object bodies, get split into
 310 |     # multiple lines by glog.
 311 | 
 312 | 
 313 |     # Example:
 314 |     # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
 315 |     <source>
 316 |       @type tail
 317 |       format multiline
 318 |       multiline_flush_interval 5s
 319 |       format_firstline /^\w\d{4}/
 320 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
 321 |       time_format %m%d %H:%M:%S.%N
 322 |       path /mnt/log/kubelet.log
 323 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 324 |       pos_file /mnt/pos/ggcp-kubelet.log.pos
 325 |       tag kubelet
 326 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 327 |     </source>
 328 | 
 329 |     <filter kubelet.**>
 330 |       @type kubernetes_sumologic
 331 |       source_category kubelet
 332 |       source_name k8s_kubelet
 333 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 334 |       add_stream "#{ENV['ADD_STREAM']}"
 335 |       add_time "#{ENV['ADD_TIME']}"
 336 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 337 |     </filter>
 338 | 
 339 | 
 340 |     # Example
 341 |     # 2017-11-06T18:53:49.774520188Z AUDIT: id="6a8sdffd918-0b6a-4aee-a3a1-f1sdf61596" ip="172.11.23.88" method="GET" user="kubelet" groups="\"system:nodes\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="monty" uri="/api/v1/namespaces/monty/secrets/default-token-fntvb?resourceVersion=0"
 342 |     # 2017-02-09T00:15:57.993528822Z AUDIT: id="6a8sdffd918-0b6a-4aee-a3a1-f1sdf61596" response="200"
 343 |     <source>
 344 |       @type tail
 345 |       format json
 346 |       time_key timestamp
 347 |       time_format %Y-%m-%dT%H:%M:%SZ
 348 |       path "#{ENV['AUDIT_LOG_PATH']}"
 349 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 350 |       pos_file /mnt/pos/ggcp-kube-audit.log.pos
 351 |       tag kube-audit
 352 |       read_from_head "#{ENV['READ_FROM_HEAD']}"
 353 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 354 |     </source>
 355 | 
 356 |     <filter kube-audit.**>
 357 |       @type kubernetes_sumologic
 358 |       source_category kube-audit
 359 |       source_name k8s_kube-audit
 360 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 361 |       add_stream "#{ENV['ADD_STREAM']}"
 362 |       add_time "#{ENV['ADD_TIME']}"
 363 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 364 |     </filter>
 365 | 
 366 | 
 367 |     # Example:
 368 |     # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
 369 |     <source>
 370 |       @type tail
 371 |       format multiline
 372 |       multiline_flush_interval 5s
 373 |       format_firstline /^\w\d{4}/
 374 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
 375 |       time_format %m%d %H:%M:%S.%N
 376 |       path /mnt/log/glbc.log
 377 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 378 |       pos_file /mnt/pos/ggcp-glbc.log.pos
 379 |       tag glbc
 380 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 381 |     </source>
 382 | 
 383 |     <filter glbc.**>
 384 |       @type kubernetes_sumologic
 385 |       source_category glbc
 386 |       source_name k8s_glbc
 387 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 388 |       add_stream "#{ENV['ADD_STREAM']}"
 389 |       add_time "#{ENV['ADD_TIME']}"
 390 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 391 |     </filter>
 392 | 
 393 | 
 394 |     # Example:
 395 |     # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
 396 |     <source>
 397 |       @type tail
 398 |       format multiline
 399 |       multiline_flush_interval 5s
 400 |       format_firstline /^\w\d{4}/
 401 |       format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
 402 |       time_format %m%d %H:%M:%S.%N
 403 |       path /mnt/log/cluster-autoscaler.log
 404 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 405 |       pos_file /mnt/pos/ggcp-cluster-autoscaler.log.pos
 406 |       tag cluster-autoscaler
 407 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 408 |     </source>
 409 | 
 410 |     <filter cluster-autoscaler.**>
 411 |       @type kubernetes_sumologic
 412 |       source_category cluster-autoscaler
 413 |       source_name k8s_cluster-autoscaler
 414 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 415 |       add_stream "#{ENV['ADD_STREAM']}"
 416 |       add_time "#{ENV['ADD_TIME']}"
 417 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 418 |     </filter>
 419 | 
 420 |   systemd.source.containers.conf: |-
 421 |     <source>
 422 |       @type tail
 423 |       format json
 424 |       time_key "#{ENV['TIME_KEY']}"
 425 |       path "#{ENV['CONTAINER_LOGS_PATH']}"
 426 |       exclude_path "#{ENV['EXCLUDE_PATH']}"
 427 |       pos_file /mnt/pos/ggcp-containers.log.pos
 428 |       time_format %Y-%m-%dT%H:%M:%S.%NZ
 429 |       tag containers.*
 430 |       read_from_head "#{ENV['READ_FROM_HEAD']}"
 431 |       enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
 432 |     </source>
 433 | 
 434 |     <filter containers.**>
 435 |       @type kubernetes_metadata
 436 |       @log_level warn
 437 |       annotation_match ["sumologic\.com.*"]
 438 |       de_dot false
 439 |       watch "#{ENV['K8S_METADATA_FILTER_WATCH']}"
 440 |       ca_file "#{ENV['K8S_METADATA_FILTER_CA_FILE']}"
 441 |       verify_ssl "#{ENV['K8S_METADATA_FILTER_VERIFY_SSL']}"
 442 |       client_cert "#{ENV['K8S_METADATA_FILTER_CLIENT_CERT']}"
 443 |       client_key "#{ENV['K8S_METADATA_FILTER_CLIENT_KEY']}"
 444 |       bearer_token_file "#{ENV['K8S_METADATA_FILTER_BEARER_TOKEN_FILE']}"
 445 |       cache_size "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_SIZE']}"
 446 |       cache_ttl "#{ENV['K8S_METADATA_FILTER_BEARER_CACHE_TTL']}"
 447 |       tag_to_kubernetes_name_regexp '.+?\.containers\.(?<pod_name>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$'
 448 |       merge_json_log false
 449 |     </filter>
 450 | 
 451 |     <filter containers.**>
 452 |       @type kubernetes_sumologic
 453 |       source_name "#{ENV['SOURCE_NAME']}"
 454 |       source_host "#{ENV['SOURCE_HOST']}"
 455 |       log_format "#{ENV['LOG_FORMAT']}"
 456 |       kubernetes_meta "#{ENV['KUBERNETES_META']}"
 457 |       kubernetes_meta_reduce "#{ENV['KUBERNETES_META_REDUCE']}"
 458 |       add_stream "#{ENV['ADD_STREAM']}"
 459 |       add_time "#{ENV['ADD_TIME']}"
 460 |       source_category "#{ENV['SOURCE_CATEGORY']}"
 461 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 462 |       source_category_replace_dash "#{ENV['SOURCE_CATEGORY_REPLACE_DASH']}"
 463 |       exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
 464 |       exclude_pod_regex "#{ENV['EXCLUDE_POD_REGEX']}"
 465 |       exclude_container_regex "#{ENV['EXCLUDE_CONTAINER_REGEX']}"
 466 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 467 |     </filter>
 468 | 
 469 |   systemd.source.systemd.conf: |-
 470 | 
 471 |     <source>
 472 |       @type systemd
 473 |       path /mnt/log/journal
 474 |       filters [{"_SYSTEMD_UNIT": "addon-config.service"}]
 475 |       <storage>
 476 |         @type local
 477 |         persistent true
 478 |         path /mnt/pos/addon-config.log.pos
 479 |       </storage>
 480 |       tag addon-config
 481 |     </source>
 482 | 
 483 |     <filter addon-config.**>
 484 |       @type kubernetes_sumologic
 485 |       source_category system
 486 |       source_name addon-config
 487 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 488 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 489 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 490 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 491 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 492 |     </filter>
 493 | 
 494 |     <source>
 495 |       @type systemd
 496 |       path /mnt/log/journal
 497 |       filters [{"_SYSTEMD_UNIT": "addon-run.service"}]
 498 |       <storage>
 499 |         @type local
 500 |         persistent true
 501 |         path /mnt/pos/addon-run.log.pos
 502 |       </storage>
 503 |       tag addon-run
 504 |     </source>
 505 | 
 506 |     <filter addon-run.**>
 507 |       @type kubernetes_sumologic
 508 |       source_category system
 509 |       source_name addon-run
 510 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 511 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 512 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 513 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 514 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 515 |     </filter>
 516 | 
 517 |     <source>
 518 |       @type systemd
 519 |       path /mnt/log/journal
 520 |       filters [{"_SYSTEMD_UNIT": "cfn-etcd-environment.service"}]
 521 |       <storage>
 522 |         @type local
 523 |         persistent true
 524 |         path /mnt/pos/cfn-etcd-environment.log.pos
 525 |       </storage>
 526 |       tag cfn-etcd-environment
 527 |     </source>
 528 | 
 529 |     <filter cfn-etcd-environment.**>
 530 |       @type kubernetes_sumologic
 531 |       source_category system
 532 |       source_name cfn-etcd-environment
 533 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 534 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 535 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 536 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 537 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 538 |     </filter>
 539 | 
 540 |     <source>
 541 |       @type systemd
 542 |       path /mnt/log/journal
 543 |       filters [{"_SYSTEMD_UNIT": "cfn-signal.service"}]
 544 |       <storage>
 545 |         @type local
 546 |         persistent true
 547 |         path /mnt/pos/cfn-signal.log.pos
 548 |       </storage>
 549 |       tag cfn-signal
 550 |     </source>
 551 | 
 552 |     <filter cfn-signal.**>
 553 |       @type kubernetes_sumologic
 554 |       source_category system
 555 |       source_name cfn-signal
 556 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 557 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 558 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 559 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 560 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 561 |     </filter>
 562 | 
 563 |     <source>
 564 |       @type systemd
 565 |       path /mnt/log/journal
 566 |       filters [{"_SYSTEMD_UNIT": "clean-ca-certificates.service"}]
 567 |       <storage>
 568 |         @type local
 569 |         persistent true
 570 |         path /mnt/pos/clean-ca-certificates.log.pos
 571 |       </storage>
 572 |       tag clean-ca-certificates
 573 |     </source>
 574 | 
 575 |     <filter clean-ca-certificates.**>
 576 |       @type kubernetes_sumologic
 577 |       source_category system
 578 |       source_name clean-ca-certificates
 579 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 580 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 581 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 582 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 583 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 584 |     </filter>
 585 | 
 586 |     <source>
 587 |       @type systemd
 588 |       path /mnt/log/journal
 589 |       filters [{"_SYSTEMD_UNIT": "containerd.service"}]
 590 |       <storage>
 591 |         @type local
 592 |         persistent true
 593 |         path /mnt/pos/containerd.log.pos
 594 |       </storage>
 595 |       tag containerd
 596 |     </source>
 597 | 
 598 |     <filter containerd.**>
 599 |       @type kubernetes_sumologic
 600 |       source_category system
 601 |       source_name containerd
 602 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 603 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 604 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 605 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 606 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 607 |     </filter>
 608 | 
 609 |     <source>
 610 |       @type systemd
 611 |       path /mnt/log/journal
 612 |       filters [{"_SYSTEMD_UNIT": "coreos-metadata.service"}]
 613 |       <storage>
 614 |         @type local
 615 |         persistent true
 616 |         path /mnt/pos/coreos-metadata.log.pos
 617 |       </storage>
 618 |       tag coreos-metadata
 619 |     </source>
 620 | 
 621 |     <filter coreos-metadata.**>
 622 |       @type kubernetes_sumologic
 623 |       source_category system
 624 |       source_name coreos-metadata
 625 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 626 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 627 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 628 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 629 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 630 |     </filter>
 631 | 
 632 |     <source>
 633 |       @type systemd
 634 |       path /mnt/log/journal
 635 |       filters [{"_SYSTEMD_UNIT": "coreos-setup-environment.service"}]
 636 |       <storage>
 637 |         @type local
 638 |         persistent true
 639 |         path /mnt/pos/coreos-setup-environment.log.pos
 640 |       </storage>
 641 |       tag coreos-setup-environment
 642 |     </source>
 643 | 
 644 |     <filter coreos-setup-environment.**>
 645 |       @type kubernetes_sumologic
 646 |       source_category system
 647 |       source_name coreos-setup-environment
 648 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 649 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 650 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 651 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 652 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 653 |     </filter>
 654 | 
 655 |     <source>
 656 |       @type systemd
 657 |       path /mnt/log/journal
 658 |       filters [{"_SYSTEMD_UNIT": "coreos-tmpfiles.service"}]
 659 |       <storage>
 660 |         @type local
 661 |         persistent true
 662 |         path /mnt/pos/coreos-tmpfiles.log.pos
 663 |       </storage>
 664 |       tag coreos-tmpfiles
 665 |     </source>
 666 | 
 667 |     <filter coreos-tmpfiles.**>
 668 |       @type kubernetes_sumologic
 669 |       source_category system
 670 |       source_name coreos-tmpfiles
 671 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 672 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 673 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 674 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 675 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 676 |     </filter>
 677 | 
 678 |     <source>
 679 |       @type systemd
 680 |       path /mnt/log/journal
 681 |       filters [{"_SYSTEMD_UNIT": "dbus.service"}]
 682 |       <storage>
 683 |         @type local
 684 |         persistent true
 685 |         path /mnt/pos/dbus.log.pos
 686 |       </storage>
 687 |       tag dbus
 688 |     </source>
 689 | 
 690 |     <filter dbus.**>
 691 |       @type kubernetes_sumologic
 692 |       source_category system
 693 |       source_name dbus
 694 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 695 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 696 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 697 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 698 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 699 |     </filter>
 700 | 
 701 |     <source>
 702 |       @type systemd
 703 |       path /mnt/log/journal
 704 |       filters [{"_SYSTEMD_UNIT": "docker.service"}]
 705 |       <storage>
 706 |         @type local
 707 |         persistent true
 708 |         path /mnt/pos/docker.log.pos
 709 |       </storage>
 710 |       tag docker
 711 |     </source>
 712 | 
 713 |     <filter docker.**>
 714 |       @type kubernetes_sumologic
 715 |       source_category system
 716 |       source_name docker
 717 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 718 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 719 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 720 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 721 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 722 |     </filter>
 723 | 
 724 |     <source>
 725 |       @type systemd
 726 |       path /mnt/log/journal
 727 |       filters [{"_SYSTEMD_UNIT": "efs.service"}]
 728 |       <storage>
 729 |         @type local
 730 |         persistent true
 731 |         path /mnt/pos/efs.log.pos
 732 |       </storage>
 733 |       tag efs
 734 |     </source>
 735 | 
 736 |     <filter efs.**>
 737 |       @type kubernetes_sumologic
 738 |       source_category system
 739 |       source_name efs
 740 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 741 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 742 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 743 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 744 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 745 |     </filter>
 746 | 
 747 |     <source>
 748 |       @type systemd
 749 |       path /mnt/log/journal
 750 |       filters [{"_SYSTEMD_UNIT": "etcd-member.service"}]
 751 |       <storage>
 752 |         @type local
 753 |         persistent true
 754 |         path /mnt/pos/etcd-member.log.pos
 755 |       </storage>
 756 |       tag etcd-member
 757 |     </source>
 758 | 
 759 |     <filter etcd-member.**>
 760 |       @type kubernetes_sumologic
 761 |       source_category system
 762 |       source_name etcd-member
 763 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 764 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 765 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 766 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 767 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 768 |     </filter>
 769 | 
 770 |     <source>
 771 |       @type systemd
 772 |       path /mnt/log/journal
 773 |       filters [{"_SYSTEMD_UNIT": "etcd.service"}]
 774 |       <storage>
 775 |         @type local
 776 |         persistent true
 777 |         path /mnt/pos/etcd.log.pos
 778 |       </storage>
 779 |       tag etcd
 780 |     </source>
 781 | 
 782 |     <filter etcd.**>
 783 |       @type kubernetes_sumologic
 784 |       source_category system
 785 |       source_name etcd
 786 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 787 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 788 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 789 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 790 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 791 |     </filter>
 792 | 
 793 |     <source>
 794 |       @type systemd
 795 |       path /mnt/log/journal
 796 |       filters [{"_SYSTEMD_UNIT": "etcd2.service"}]
 797 |       <storage>
 798 |         @type local
 799 |         persistent true
 800 |         path /mnt/pos/etcd2.log.pos
 801 |       </storage>
 802 |       tag etcd2
 803 |     </source>
 804 | 
 805 |     <filter etcd2.**>
 806 |       @type kubernetes_sumologic
 807 |       source_category system
 808 |       source_name etcd2
 809 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 810 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 811 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 812 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 813 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 814 |     </filter>
 815 | 
 816 |     <source>
 817 |       @type systemd
 818 |       path /mnt/log/journal
 819 |       filters [{"_SYSTEMD_UNIT": "etcd3.service"}]
 820 |       <storage>
 821 |         @type local
 822 |         persistent true
 823 |         path /mnt/pos/etcd3.log.pos
 824 |       </storage>
 825 |       tag etcd3
 826 |     </source>
 827 | 
 828 |     <filter etcd3.**>
 829 |       @type kubernetes_sumologic
 830 |       source_category system
 831 |       source_name etcd3
 832 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 833 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 834 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 835 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 836 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 837 |     </filter>
 838 | 
 839 |     <source>
 840 |       @type systemd
 841 |       path /mnt/log/journal
 842 |       filters [{"_SYSTEMD_UNIT": "etcdadm-check.service"}]
 843 |       <storage>
 844 |         @type local
 845 |         persistent true
 846 |         path /mnt/pos/etcdadm-check.log.pos
 847 |       </storage>
 848 |       tag etcdadm-check
 849 |     </source>
 850 | 
 851 |     <filter etcdadm-check.**>
 852 |       @type kubernetes_sumologic
 853 |       source_category system
 854 |       source_name etcdadm-check
 855 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 856 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 857 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 858 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 859 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 860 |     </filter>
 861 | 
 862 |     <source>
 863 |       @type systemd
 864 |       path /mnt/log/journal
 865 |       filters [{"_SYSTEMD_UNIT": "etcdadm-reconfigure.service"}]
 866 |       <storage>
 867 |         @type local
 868 |         persistent true
 869 |         path /mnt/pos/etcdadm-reconfigure.log.pos
 870 |       </storage>
 871 |       tag etcdadm-reconfigure
 872 |     </source>
 873 | 
 874 |     <filter etcdadm-reconfigure.**>
 875 |       @type kubernetes_sumologic
 876 |       source_category system
 877 |       source_name etcdadm-reconfigure
 878 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 879 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 880 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 881 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 882 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 883 |     </filter>
 884 | 
 885 |     <source>
 886 |       @type systemd
 887 |       path /mnt/log/journal
 888 |       filters [{"_SYSTEMD_UNIT": "etcdadm-save.service"}]
 889 |       <storage>
 890 |         @type local
 891 |         persistent true
 892 |         path /mnt/pos/etcdadm-save.log.pos
 893 |       </storage>
 894 |       tag etcdadm-save
 895 |     </source>
 896 | 
 897 |     <filter etcdadm-save.**>
 898 |       @type kubernetes_sumologic
 899 |       source_category system
 900 |       source_name etcdadm-save
 901 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 902 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 903 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 904 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 905 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 906 |     </filter>
 907 | 
 908 |     <source>
 909 |       @type systemd
 910 |       path /mnt/log/journal
 911 |       filters [{"_SYSTEMD_UNIT": "etcdadm-update-status.service"}]
 912 |       <storage>
 913 |         @type local
 914 |         persistent true
 915 |         path /mnt/pos/etcdadm-update-status.log.pos
 916 |       </storage>
 917 |       tag etcdadm-update-status
 918 |     </source>
 919 | 
 920 |     <filter etcdadm-update-status.**>
 921 |       @type kubernetes_sumologic
 922 |       source_category system
 923 |       source_name etcdadm-update-status
 924 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 925 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 926 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 927 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 928 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 929 |     </filter>
 930 | 
 931 |     <source>
 932 |       @type systemd
 933 |       path /mnt/log/journal
 934 |       filters [{"_SYSTEMD_UNIT": "flanneld.service"}]
 935 |       <storage>
 936 |         @type local
 937 |         persistent true
 938 |         path /mnt/pos/flanneld.log.pos
 939 |       </storage>
 940 |       tag flanneld
 941 |     </source>
 942 | 
 943 |     <filter flanneld.**>
 944 |       @type kubernetes_sumologic
 945 |       source_category system
 946 |       source_name flanneld
 947 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 948 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 949 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 950 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 951 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 952 |     </filter>
 953 | 
 954 |     <source>
 955 |       @type systemd
 956 |       path /mnt/log/journal
 957 |       filters [{"_SYSTEMD_UNIT": "format-etcd2-volume.service"}]
 958 |       <storage>
 959 |         @type local
 960 |         persistent true
 961 |         path /mnt/pos/format-etcd2-volume.log.pos
 962 |       </storage>
 963 |       tag format-etcd2-volume
 964 |     </source>
 965 | 
 966 |     <filter format-etcd2-volume.**>
 967 |       @type kubernetes_sumologic
 968 |       source_category system
 969 |       source_name format-etcd2-volume
 970 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 971 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 972 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 973 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 974 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 975 |     </filter>
 976 | 
 977 |     <source>
 978 |       @type systemd
 979 |       path /mnt/log/journal
 980 |       filters [{"_SYSTEMD_UNIT": "kube-node-taint-and-uncordon.service"}]
 981 |       <storage>
 982 |         @type local
 983 |         persistent true
 984 |         path /mnt/pos/kube-node-taint-and-uncordon.log.pos
 985 |       </storage>
 986 |       tag kube-node-taint-and-uncordon
 987 |     </source>
 988 | 
 989 |     <filter kube-node-taint-and-uncordon.**>
 990 |       @type kubernetes_sumologic
 991 |       source_category system
 992 |       source_name kube-node-taint-and-uncordon
 993 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
 994 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
 995 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
 996 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
 997 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
 998 |     </filter>
 999 | 
1000 |     # Multi-line parsing is required for all the kube logs because very large log
1001 |     # statements, such as those that include entire object bodies, get split into
1002 |     # multiple lines by glog.
1003 | 
1004 |     # Example:
1005 |     # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
1006 |     <source>
1007 |       @type systemd
1008 |       path /mnt/log/journal
1009 |       filters [{"_SYSTEMD_UNIT": "kubelet.service"}]
1010 |       <storage>
1011 |         @type local
1012 |         persistent true
1013 |         path /mnt/pos/kubelet.log.pos
1014 |       </storage>
1015 |       tag kubelet
1016 |     </source>
1017 | 
1018 |     <filter kubelet.**>
1019 |       @type kubernetes_sumologic
1020 |       source_category kubelet
1021 |       source_name k8s_kubelet
1022 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1023 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1024 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1025 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1026 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1027 |     </filter>
1028 | 
1029 |     <source>
1030 |       @type systemd
1031 |       path /mnt/log/journal
1032 |       filters [{"_SYSTEMD_UNIT": "ldconfig.service"}]
1033 |       <storage>
1034 |         @type local
1035 |         persistent true
1036 |         path /mnt/pos/ldconfig.log.pos
1037 |       </storage>
1038 |       tag ldconfig
1039 |     </source>
1040 | 
1041 |     <filter ldconfig.**>
1042 |       @type kubernetes_sumologic
1043 |       source_category system
1044 |       source_name ldconfig
1045 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1046 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1047 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1048 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1049 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1050 |     </filter>
1051 | 
1052 |     <source>
1053 |       @type systemd
1054 |       path /mnt/log/journal
1055 |       filters [{"_SYSTEMD_UNIT": "locksmithd.service"}]
1056 |       <storage>
1057 |         @type local
1058 |         persistent true
1059 |         path /mnt/pos/locksmithd.log.pos
1060 |       </storage>
1061 |       tag locksmithd
1062 |     </source>
1063 | 
1064 |     <filter locksmithd.**>
1065 |       @type kubernetes_sumologic
1066 |       source_category system
1067 |       source_name locksmithd
1068 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1069 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1070 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1071 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1072 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1073 |     </filter>
1074 | 
1075 |     <source>
1076 |       @type systemd
1077 |       path /mnt/log/journal
1078 |       filters [{"_SYSTEMD_UNIT": "logrotate.service"}]
1079 |       <storage>
1080 |         @type local
1081 |         persistent true
1082 |         path /mnt/pos/logrotate.log.pos
1083 |       </storage>
1084 |       tag logrotate
1085 |     </source>
1086 | 
1087 |     <filter logrotate.**>
1088 |       @type kubernetes_sumologic
1089 |       source_category system
1090 |       source_name logrotate
1091 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1092 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1093 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1094 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1095 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1096 |     </filter>
1097 | 
1098 |     <source>
1099 |       @type systemd
1100 |       path /mnt/log/journal
1101 |       filters [{"_SYSTEMD_UNIT": "lvm2-monitor.service"}]
1102 |       <storage>
1103 |         @type local
1104 |         persistent true
1105 |         path /mnt/pos/lvm2-monitor.log.pos
1106 |       </storage>
1107 |       tag lvm2-monitor
1108 |     </source>
1109 | 
1110 |     <filter lvm2-monitor.**>
1111 |       @type kubernetes_sumologic
1112 |       source_category system
1113 |       source_name lvm2-monitor
1114 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1115 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1116 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1117 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1118 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1119 |     </filter>
1120 | 
1121 |     <source>
1122 |       @type systemd
1123 |       path /mnt/log/journal
1124 |       filters [{"_SYSTEMD_UNIT": "mdmon.service"}]
1125 |       <storage>
1126 |         @type local
1127 |         persistent true
1128 |         path /mnt/pos/mdmon.log.pos
1129 |       </storage>
1130 |       tag mdmon
1131 |     </source>
1132 | 
1133 |     <filter mdmon.**>
1134 |       @type kubernetes_sumologic
1135 |       source_category system
1136 |       source_name mdmon
1137 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1138 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1139 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1140 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1141 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1142 |     </filter>
1143 | 
1144 |     <source>
1145 |       @type systemd
1146 |       path /mnt/log/journal
1147 |       filters [{"_SYSTEMD_UNIT": "nfs-idmapd.service"}]
1148 |       <storage>
1149 |         @type local
1150 |         persistent true
1151 |         path /mnt/pos/nfs-idmapd.log.pos
1152 |       </storage>
1153 |       tag nfs-idmapd
1154 |     </source>
1155 | 
1156 |     <filter nfs-idmapd.**>
1157 |       @type kubernetes_sumologic
1158 |       source_category system
1159 |       source_name nfs-idmapd
1160 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1161 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1162 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1163 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1164 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1165 |     </filter>
1166 | 
1167 |     <source>
1168 |       @type systemd
1169 |       path /mnt/log/journal
1170 |       filters [{"_SYSTEMD_UNIT": "nfs-mountd.service"}]
1171 |       <storage>
1172 |         @type local
1173 |         persistent true
1174 |         path /mnt/pos/nfs-mountd.log.pos
1175 |       </storage>
1176 |       tag nfs-mountd
1177 |     </source>
1178 | 
1179 |     <filter nfs-mountd.**>
1180 |       @type kubernetes_sumologic
1181 |       source_category system
1182 |       source_name nfs-mountd
1183 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1184 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1185 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1186 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1187 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1188 |     </filter>
1189 | 
1190 |     <source>
1191 |       @type systemd
1192 |       path /mnt/log/journal
1193 |       filters [{"_SYSTEMD_UNIT": "nfs-server.service"}]
1194 |       <storage>
1195 |         @type local
1196 |         persistent true
1197 |         path /mnt/pos/nfs-server.log.pos
1198 |       </storage>
1199 |       tag nfs-server
1200 |     </source>
1201 | 
1202 |     <filter nfs-server.**>
1203 |       @type kubernetes_sumologic
1204 |       source_category system
1205 |       source_name nfs-server
1206 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1207 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1208 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1209 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1210 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1211 |     </filter>
1212 | 
1213 |     <source>
1214 |       @type systemd
1215 |       path /mnt/log/journal
1216 |       filters [{"_SYSTEMD_UNIT": "nfs-utils.service"}]
1217 |       <storage>
1218 |         @type local
1219 |         persistent true
1220 |         path /mnt/pos/nfs-utils.log.pos
1221 |       </storage>
1222 |       tag nfs-utils
1223 |     </source>
1224 | 
1225 |     <filter nfs-utils.**>
1226 |       @type kubernetes_sumologic
1227 |       source_category system
1228 |       source_name nfs-utils
1229 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1230 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1231 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1232 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1233 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1234 |     </filter>
1235 | 
1236 |     <source>
1237 |       @type systemd
1238 |       path /mnt/log/journal
1239 |       filters [{"_SYSTEMD_UNIT": "oem-cloudinit.service"}]
1240 |       <storage>
1241 |         @type local
1242 |         persistent true
1243 |         path /mnt/pos/oem-cloudinit.log.pos
1244 |       </storage>
1245 |       tag oem-cloudinit
1246 |     </source>
1247 | 
1248 |     <filter oem-cloudinit.**>
1249 |       @type kubernetes_sumologic
1250 |       source_category system
1251 |       source_name oem-cloudinit
1252 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1253 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1254 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1255 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1256 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1257 |     </filter>
1258 | 
1259 |     <source>
1260 |       @type systemd
1261 |       path /mnt/log/journal
1262 |       filters [{"_SYSTEMD_UNIT": "rkt-gc.service"}]
1263 |       <storage>
1264 |         @type local
1265 |         persistent true
1266 |         path /mnt/pos/rkt-gc.log.pos
1267 |       </storage>
1268 |       tag rkt-gc
1269 |     </source>
1270 | 
1271 |     <filter rkt-gc.**>
1272 |       @type kubernetes_sumologic
1273 |       source_category system
1274 |       source_name rkt-gc
1275 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1276 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1277 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1278 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1279 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1280 |     </filter>
1281 | 
1282 |     <source>
1283 |       @type systemd
1284 |       path /mnt/log/journal
1285 |       filters [{"_SYSTEMD_UNIT": "rkt-metadata.service"}]
1286 |       <storage>
1287 |         @type local
1288 |         persistent true
1289 |         path /mnt/pos/rkt-metadata.log.pos
1290 |       </storage>
1291 |       tag rkt-metadata
1292 |     </source>
1293 | 
1294 |     <filter rkt-metadata.**>
1295 |       @type kubernetes_sumologic
1296 |       source_category system
1297 |       source_name rkt-metadata
1298 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1299 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1300 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1301 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1302 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1303 |     </filter>
1304 | 
1305 |     <source>
1306 |       @type systemd
1307 |       path /mnt/log/journal
1308 |       filters [{"_SYSTEMD_UNIT": "rpc-idmapd.service"}]
1309 |       <storage>
1310 |         @type local
1311 |         persistent true
1312 |         path /mnt/pos/rpc-idmapd.log.pos
1313 |       </storage>
1314 |       tag rpc-idmapd
1315 |     </source>
1316 | 
1317 |     <filter rpc-idmapd.**>
1318 |       @type kubernetes_sumologic
1319 |       source_category system
1320 |       source_name rpc-idmapd
1321 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1322 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1323 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1324 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1325 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1326 |     </filter>
1327 | 
1328 |     <source>
1329 |       @type systemd
1330 |       path /mnt/log/journal
1331 |       filters [{"_SYSTEMD_UNIT": "rpc-mountd.service"}]
1332 |       <storage>
1333 |         @type local
1334 |         persistent true
1335 |         path /mnt/pos/rpc-mountd.log.pos
1336 |       </storage>
1337 |       tag rpc-mountd
1338 |     </source>
1339 | 
1340 |     <filter rpc-mountd.**>
1341 |       @type kubernetes_sumologic
1342 |       source_category system
1343 |       source_name rpc-mountd
1344 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1345 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1346 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1347 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1348 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1349 |     </filter>
1350 | 
1351 |     <source>
1352 |       @type systemd
1353 |       path /mnt/log/journal
1354 |       filters [{"_SYSTEMD_UNIT": "rpc-statd.service"}]
1355 |       <storage>
1356 |         @type local
1357 |         persistent true
1358 |         path /mnt/pos/rpc-statd.log.pos
1359 |       </storage>
1360 |       tag rpc-statd
1361 |     </source>
1362 | 
1363 |     <filter rpc-statd.**>
1364 |       @type kubernetes_sumologic
1365 |       source_category system
1366 |       source_name rpc-statd
1367 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1368 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1369 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1370 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1371 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1372 |     </filter>
1373 | 
1374 |     <source>
1375 |       @type systemd
1376 |       path /mnt/log/journal
1377 |       filters [{"_SYSTEMD_UNIT": "rpcbind.service"}]
1378 |       <storage>
1379 |         @type local
1380 |         persistent true
1381 |         path /mnt/pos/rpcbind.log.pos
1382 |       </storage>
1383 |       tag rpcbind
1384 |     </source>
1385 | 
1386 |     <filter rpcbind.**>
1387 |       @type kubernetes_sumologic
1388 |       source_category system
1389 |       source_name rpcbind
1390 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1391 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1392 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1393 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1394 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1395 |     </filter>
1396 | 
1397 |     <source>
1398 |       @type systemd
1399 |       path /mnt/log/journal
1400 |       filters [{"_SYSTEMD_UNIT": "set-aws-environment.service"}]
1401 |       <storage>
1402 |         @type local
1403 |         persistent true
1404 |         path /mnt/pos/set-aws-environment.log.pos
1405 |       </storage>
1406 |       tag set-aws-environment
1407 |     </source>
1408 | 
1409 |     <filter set-aws-environment.**>
1410 |       @type kubernetes_sumologic
1411 |       source_category system
1412 |       source_name set-aws-environment
1413 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1414 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1415 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1416 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1417 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1418 |     </filter>
1419 | 
1420 |     <source>
1421 |       @type systemd
1422 |       path /mnt/log/journal
1423 |       filters [{"_SYSTEMD_UNIT": "system-cloudinit.service"}]
1424 |       <storage>
1425 |         @type local
1426 |         persistent true
1427 |         path /mnt/pos/system-cloudinit.log.pos
1428 |       </storage>
1429 |       tag system-cloudinit
1430 |     </source>
1431 | 
1432 |     <filter system-cloudinit.**>
1433 |       @type kubernetes_sumologic
1434 |       source_category system
1435 |       source_name system-cloudinit
1436 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1437 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1438 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1439 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1440 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1441 |     </filter>
1442 | 
1443 |     <source>
1444 |       @type systemd
1445 |       path /mnt/log/journal
1446 |       filters [{"_SYSTEMD_UNIT": "update-ca-certificates.service"}]
1447 |       <storage>
1448 |         @type local
1449 |         persistent true
1450 |         path /mnt/pos/update-ca-certificates.log.pos
1451 |       </storage>
1452 |       tag update-ca-certificates
1453 |     </source>
1454 | 
1455 |     <filter update-ca-certificates.**>
1456 |       @type kubernetes_sumologic
1457 |       source_category system
1458 |       source_name update-ca-certificates
1459 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1460 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1461 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1462 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1463 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1464 |     </filter>
1465 | 
1466 |     <source>
1467 |       @type systemd
1468 |       path /mnt/log/journal
1469 |       filters [{"_SYSTEMD_UNIT": "user-cloudinit.service"}]
1470 |       <storage>
1471 |         @type local
1472 |         persistent true
1473 |         path /mnt/pos/user-cloudinit.log.pos
1474 |       </storage>
1475 |       tag user-cloudinit
1476 |     </source>
1477 | 
1478 |     <filter user-cloudinit.**>
1479 |       @type kubernetes_sumologic
1480 |       source_category system
1481 |       source_name user-cloudinit
1482 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1483 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1484 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1485 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1486 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1487 |     </filter>
1488 | 
1489 |     <source>
1490 |       @type systemd
1491 |       path /mnt/log/journal
1492 |       filters [{"_SYSTEMD_UNIT": "var-lib-etcd2.service"}]
1493 |       <storage>
1494 |         @type local
1495 |         persistent true
1496 |         path /mnt/pos/var-lib-etcd2.log.pos
1497 |       </storage>
1498 |       tag var-lib-etcd2
1499 |     </source>
1500 | 
1501 |     <filter var-lib-etcd2.**>
1502 |       @type kubernetes_sumologic
1503 |       source_category system
1504 |       source_name var-lib-etcd2
1505 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1506 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1507 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1508 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1509 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1510 |     </filter>
1511 | 
1512 |     <source>
1513 |       @type systemd
1514 |       path /mnt/log/journal
1515 |       filters [{"_SYSTEMD_UNIT": "ntp.service"}]
1516 |       <storage>
1517 |         @type local
1518 |         persistent true
1519 |         path /mnt/pos/ntp.log.pos
1520 |       </storage>
1521 |       tag ntp
1522 |     </source>
1523 | 
1524 |     <filter ntp.**>
1525 |       @type kubernetes_sumologic
1526 |       source_category system
1527 |       source_name ntp
1528 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1529 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1530 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1531 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1532 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1533 |     </filter>
1534 | 
1535 |     <source>
1536 |       @type systemd
1537 |       path /mnt/log/journal
1538 |       filters [{"_SYSTEMD_UNIT": "systemd-timesyncd.service"}]
1539 |       <storage>
1540 |         @type local
1541 |         persistent true
1542 |         path /mnt/pos/systemd-timesyncd.log.pos
1543 |       </storage>
1544 |       tag systemd-timesyncd
1545 |     </source>
1546 | 
1547 |     <filter systemd-timesyncd.**>
1548 |       @type kubernetes_sumologic
1549 |       source_category system
1550 |       source_name systemd-timesyncd
1551 |       source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
1552 |       exclude_facility_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
1553 |       exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
1554 |       exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
1555 |       exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
1556 |     </filter>


--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | if [ $# -gt 0 ] && [ "${1:0:1}" != "-" ]; then
 3 |   exec $@
 4 | else
 5 |   cd `dirname $0`
 6 | 
 7 |   if ! ls /fluentd/etc/fluent.${FLUENTD_SOURCE}.conf > /dev/null; then
 8 |     echo "Unknown source '$FLUENTD_SOURCE'"
 9 |     if [ -e /dev/termination-log ]; then
10 |       echo "Unknown source '$FLUENTD_SOURCE'" >/dev/termination-log
11 |     fi
12 |     exit 1
13 |   fi
14 | 
15 |   exec fluentd -c /fluentd/etc/fluent.$FLUENTD_SOURCE.conf -p /fluentd/plugins $FLUENTD_OPT
16 | fi
17 | 


--------------------------------------------------------------------------------
/fluent-plugin-kubernetes_sumologic.gemspec:
--------------------------------------------------------------------------------
 1 | # coding: utf-8
 2 | lib = File.expand_path('../lib', __FILE__)
 3 | $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 4 | 
 5 | Gem::Specification.new do |gem|
 6 |   gem.name          = "fluent-plugin-kubernetes_sumologic"
 7 |   gem.version       = "0.0.0"
 8 |   gem.authors       = ["Sumo Logic"]
 9 |   gem.email         = ["collection@sumologic.com"]
10 |   gem.description   = %q{FluentD plugin to extract logs from Kubernetes clusters, enrich and ship to Sumo logic.}
11 |   gem.summary       = %q{FluentD plugin to extract logs from Kubernetes clusters, enrich and ship to Sumo logic.}
12 |   gem.homepage      = "https://github.com/SumoLogic/fluentd-kubernetes-sumologic"
13 |   gem.license       = "Apache-2.0"
14 | 
15 |   gem.files         = `git ls-files`.split($/)
16 |   gem.executables   = gem.files.grep(%r{^bin/}) { |f| File.basename(f) }
17 |   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
18 |   gem.require_paths = ["lib"]
19 | 
20 |   gem.required_ruby_version = '>= 2.0.0'
21 | 
22 |   gem.add_development_dependency "bundler", "~> 2"
23 |   gem.add_development_dependency "rake"
24 |   gem.add_development_dependency 'test-unit', '~> 3.1.0'
25 |   gem.add_development_dependency "codecov", ">= 0.1.10"
26 |   gem.add_runtime_dependency "fluentd", ">= 0.14.12"
27 |   gem.add_runtime_dependency 'httpclient', '~> 2.8.0'
28 | end
29 | 


--------------------------------------------------------------------------------
/lib/fluent/plugin/filter_kubernetes_sumologic.rb:
--------------------------------------------------------------------------------
  1 | require "fluent/filter"
  2 | 
  3 | module Fluent::Plugin
  4 |   class SumoContainerOutput < Fluent::Plugin::Filter
  5 |     # Register type
  6 |     Fluent::Plugin.register_filter("kubernetes_sumologic", self)
  7 | 
  8 |     config_param :kubernetes_meta, :bool, :default => true
  9 |     config_param :kubernetes_meta_reduce, :bool, :default => false
 10 |     config_param :source_category, :string, :default => "%{namespace}/%{pod_name}"
 11 |     config_param :source_category_replace_dash, :string, :default => "/"
 12 |     config_param :source_category_prefix, :string, :default => "kubernetes/"
 13 |     config_param :source_name, :string, :default => "%{namespace}.%{pod}.%{container}"
 14 |     config_param :log_format, :string, :default => "json"
 15 |     config_param :source_host, :string, :default => ""
 16 |     config_param :exclude_container_regex, :string, :default => ""
 17 |     config_param :exclude_facility_regex, :string, :default => ""
 18 |     config_param :exclude_host_regex, :string, :default => ""
 19 |     config_param :exclude_namespace_regex, :string, :default => ""
 20 |     config_param :exclude_pod_regex, :string, :default => ""
 21 |     config_param :exclude_priority_regex, :string, :default => ""
 22 |     config_param :exclude_unit_regex, :string, :default => ""
 23 |     config_param :add_stream, :bool, :default => true
 24 |     config_param :add_time, :bool, :default => true
 25 | 
 26 |     def configure(conf)
 27 |       super
 28 |     end
 29 | 
 30 |     def is_number?(string)
 31 |       true if Float(string) rescue false
 32 |     end
 33 | 
 34 |     def sanitize_pod_name(k8s_metadata)
 35 |       # Strip out dynamic bits from pod name.
 36 |       # NOTE: Kubernetes deployments append a template hash.
 37 |       # At the moment this can be in 3 different forms:
 38 |       #   1) pre-1.8: numeric in pod_template_hash and pod_parts[-2]
 39 |       #   2) 1.8-1.11: numeric in pod_template_hash, hash in pod_parts[-2]
 40 |       #   3) post-1.11: hash in pod_template_hash and pod_parts[-2]
 41 | 
 42 |       pod_parts = k8s_metadata[:pod].split("-")
 43 |       pod_template_hash = k8s_metadata[:"label:pod-template-hash"]
 44 |       if (pod_template_hash == pod_parts[-2] ||
 45 |           to_hash(pod_template_hash) == pod_parts[-2])
 46 |         k8s_metadata[:pod_name] = pod_parts[0..-3].join("-")
 47 |       else
 48 |         k8s_metadata[:pod_name] = pod_parts[0..-2].join("-")
 49 |       end
 50 |     end
 51 | 
 52 |     def to_hash(pod_template_hash)
 53 |       # Convert the pod_template_hash to an alphanumeric string using the same logic Kubernetes
 54 |       # uses at https://github.com/kubernetes/apimachinery/blob/18a5ff3097b4b189511742e39151a153ee16988b/pkg/util/rand/rand.go#L119
 55 |       alphanums = "bcdfghjklmnpqrstvwxz2456789"
 56 |       pod_template_hash.each_byte.map { |i| alphanums[i.to_i % alphanums.length] }.join("")
 57 |     end
 58 | 
 59 |     def filter(tag, time, record)
 60 |       # Set the sumo metadata fields
 61 |       sumo_metadata = record["_sumo_metadata"] || {}
 62 |       record["_sumo_metadata"] = sumo_metadata
 63 |       log_fields = {}
 64 |       sumo_metadata[:log_format] = @log_format
 65 |       sumo_metadata[:host] = @source_host if @source_host
 66 |       sumo_metadata[:source] = @source_name if @source_name
 67 | 
 68 |       unless @source_category.nil?
 69 |         sumo_metadata[:category] = @source_category.dup
 70 |         unless @source_category_prefix.nil?
 71 |           sumo_metadata[:category].prepend(@source_category_prefix)
 72 |         end
 73 |       end
 74 | 
 75 |       if record.key?("_SYSTEMD_UNIT") and not record.fetch("_SYSTEMD_UNIT").nil?
 76 |         unless @exclude_unit_regex.empty?
 77 |           if Regexp.compile(@exclude_unit_regex).match(record["_SYSTEMD_UNIT"])
 78 |             return nil
 79 |           end
 80 |         end
 81 | 
 82 |         unless @exclude_facility_regex.empty?
 83 |           if Regexp.compile(@exclude_facility_regex).match(record["SYSLOG_FACILITY"])
 84 |             return nil
 85 |           end
 86 |         end
 87 | 
 88 |         unless @exclude_priority_regex.empty?
 89 |           if Regexp.compile(@exclude_priority_regex).match(record["PRIORITY"])
 90 |             return nil
 91 |           end
 92 |         end
 93 | 
 94 |         unless @exclude_host_regex.empty?
 95 |           if Regexp.compile(@exclude_host_regex).match(record["_HOSTNAME"])
 96 |             return nil
 97 |           end
 98 |         end
 99 |       end
100 | 
101 |       # Allow fields to be overridden by annotations
102 |       if record.key?("kubernetes") and not record.fetch("kubernetes").nil?
103 |         # Clone kubernetes hash so we don't override the cache
104 |         kubernetes = record["kubernetes"].clone
105 |         k8s_metadata = {
106 |             :namespace => kubernetes["namespace_name"],
107 |             :pod => kubernetes["pod_name"],
108 |             :pod_id => kubernetes['pod_id'],
109 |             :container => kubernetes["container_name"],
110 |             :source_host => kubernetes["host"],
111 |         }
112 | 
113 | 
114 |         if kubernetes.has_key? "labels"
115 |           kubernetes["labels"].each { |k, v| k8s_metadata["label:#{k}".to_sym] = v }
116 |         end
117 |         if kubernetes.has_key? "namespace_labels"
118 |           kubernetes["namespace_labels"].each { |k, v| k8s_metadata["namespace_label:#{k}".to_sym] = v }
119 |         end
120 |         k8s_metadata.default = "undefined"
121 | 
122 |         annotations = kubernetes.fetch("annotations", {})
123 |         if annotations["sumologic.com/include"] == "true"
124 |           include = true
125 |         else
126 |           include = false
127 |         end
128 | 
129 |         unless @exclude_namespace_regex.empty?
130 |           if Regexp.compile(@exclude_namespace_regex).match(k8s_metadata[:namespace]) and not include
131 |             return nil
132 |           end
133 |         end
134 | 
135 |         unless @exclude_pod_regex.empty?
136 |           if Regexp.compile(@exclude_pod_regex).match(k8s_metadata[:pod]) and not include
137 |             return nil
138 |           end
139 |         end
140 | 
141 |         unless @exclude_container_regex.empty?
142 |           if Regexp.compile(@exclude_container_regex).match(k8s_metadata[:container]) and not include
143 |             return nil
144 |           end
145 |         end
146 | 
147 |         unless @exclude_host_regex.empty?
148 |           if Regexp.compile(@exclude_host_regex).match(k8s_metadata[:source_host]) and not include
149 |             return nil
150 |           end
151 |         end
152 | 
153 |         sanitize_pod_name(k8s_metadata)
154 | 
155 |         if annotations["sumologic.com/exclude"] == "true"
156 |           return nil
157 |         end
158 | 
159 |         sumo_metadata[:log_format] = annotations["sumologic.com/format"] if annotations["sumologic.com/format"]
160 | 
161 |         if annotations["sumologic.com/sourceHost"].nil?
162 |           sumo_metadata[:host] = sumo_metadata[:host] % k8s_metadata
163 |         else
164 |           sumo_metadata[:host] = annotations["sumologic.com/sourceHost"] % k8s_metadata
165 |         end
166 | 
167 |         if annotations["sumologic.com/sourceName"].nil?
168 |           sumo_metadata[:source] = sumo_metadata[:source] % k8s_metadata
169 |         else
170 |           sumo_metadata[:source] = annotations["sumologic.com/sourceName"] % k8s_metadata
171 |         end
172 | 
173 |         if annotations["sumologic.com/sourceCategory"].nil?
174 |           sumo_metadata[:category] = sumo_metadata[:category] % k8s_metadata
175 |         else
176 |           sumo_metadata[:category] = (annotations["sumologic.com/sourceCategory"] % k8s_metadata).prepend(@source_category_prefix)
177 |         end
178 |         sumo_metadata[:category].gsub!("-", @source_category_replace_dash)
179 | 
180 |         # Strip kubernetes metadata from json if disabled
181 |         if annotations["sumologic.com/kubernetes_meta"] == "false" || !@kubernetes_meta
182 |           record.delete("docker")
183 |           record.delete("kubernetes")
184 |         end
185 |         if annotations["sumologic.com/kubernetes_meta_reduce"] == "true" || annotations["sumologic.com/kubernetes_meta_reduce"].nil? && @kubernetes_meta_reduce == true
186 |           record.delete("docker")
187 |           record["kubernetes"].delete("pod_id")
188 |           record["kubernetes"].delete("namespace_id")
189 |           record["kubernetes"].delete("labels")
190 |           record["kubernetes"].delete("namespace_labels")
191 |           record["kubernetes"].delete("master_url")
192 |           record["kubernetes"].delete("annotations")
193 |         end
194 |         if @add_stream == false
195 |           record.delete("stream")
196 |         end
197 |         if @add_time == false
198 |           record.delete("time")
199 |         end
200 |         # Strip sumologic.com annotations
201 |         kubernetes.delete("annotations") if annotations
202 | 
203 |         if @log_format == "fields" and record.key?("docker") and not record.fetch("docker").nil?
204 |           record["docker"].each {|k, v| log_fields[k] = v}
205 |         end
206 | 
207 |         if @log_format == "fields" and record.key?("kubernetes") and not record.fetch("kubernetes").nil?
208 |           if kubernetes.has_key? "labels"
209 |             kubernetes["labels"].each { |k, v| log_fields["pod_labels_#{k}".to_sym] = v }
210 |           end
211 |           if kubernetes.has_key? "namespace_labels"
212 |             kubernetes["namespace_labels"].each { |k, v| log_fields["namespace_labels_#{k}".to_sym] = v }
213 |           end
214 |           log_fields["container"] = kubernetes["container_name"] unless kubernetes["container_name"].nil?
215 |           log_fields["namespace"] = kubernetes["namespace_name"] unless kubernetes["namespace_name"].nil?
216 |           log_fields["pod"] = kubernetes["pod_name"] unless kubernetes["pod_name"].nil?
217 |           ["pod_id", "host", "master_url", "namespace_id", "service", "deployment", "daemonset", "replicaset", "statefulset"].each do |key|
218 |             log_fields[key] = kubernetes[key] unless kubernetes[key].nil?
219 |           end
220 |         end
221 |       end
222 | 
223 |       if @log_format == "fields" and not log_fields.nil?
224 |         sumo_metadata[:fields] = log_fields.map{|k,v| "#{k}=#{v}"}.join(',')
225 |         record.delete("docker")
226 |         record.delete("kubernetes")
227 |       end
228 |       record
229 |     end
230 |   end
231 | end


--------------------------------------------------------------------------------
/screenshots/container.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/fluentd-kubernetes-sumologic/a61f963a9fd893b42ee9ac532a61ac91e98e1546/screenshots/container.png


--------------------------------------------------------------------------------
/screenshots/docker.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/fluentd-kubernetes-sumologic/a61f963a9fd893b42ee9ac532a61ac91e98e1546/screenshots/docker.png


--------------------------------------------------------------------------------
/screenshots/kubelet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/fluentd-kubernetes-sumologic/a61f963a9fd893b42ee9ac532a61ac91e98e1546/screenshots/kubelet.png


--------------------------------------------------------------------------------
/screenshots/kubernetes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/fluentd-kubernetes-sumologic/a61f963a9fd893b42ee9ac532a61ac91e98e1546/screenshots/kubernetes.png


--------------------------------------------------------------------------------
/test/helper.rb:
--------------------------------------------------------------------------------
 1 | require "simplecov"
 2 | SimpleCov.start
 3 | 
 4 | if ENV["CI"] == "true"
 5 |   require "codecov"
 6 |   SimpleCov.formatter = SimpleCov::Formatter::Codecov
 7 | end
 8 | 
 9 | $LOAD_PATH.unshift(File.expand_path("../../", __FILE__))
10 | require "test-unit"
11 | require "fluent/test"
12 | require "fluent/test/driver/filter"
13 | require "fluent/test/helpers"
14 | 
15 | Test::Unit::TestCase.include(Fluent::Test::Helpers)
16 | Test::Unit::TestCase.extend(Fluent::Test::Helpers)
17 | 


--------------------------------------------------------------------------------