add support for multi-line log messages

SumoLogic · Jul 29, 2017 · 5940ee3 · 5940ee3
1 parent 48bd8cb
commit 5940ee3
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,7 +8,7 @@ USER root
 RUN [ -f /bin/entrypoint.sh ] && /bin/entrypoint.sh echo || : && \
     apt-get update && \
     apt-get install -y build-essential ruby-dev libffi-dev libsystemd-dev && \
-    gem install fluent-plugin-systemd fluent-plugin-record-reformer fluent-plugin-kubernetes_metadata_filter fluent-plugin-sumologic_output && \
+    gem install fluent-plugin-systemd fluent-plugin-record-reformer fluent-plugin-kubernetes_metadata_filter fluent-plugin-sumologic_output fluent-plugin-concat && \
     rm -rf /home/fluent/.gem/ruby/2.3.0/cache/*.gem && \
     gem sources -c && \
     apt-get remove --purge -y build-essential ruby-dev libffi-dev libsystemd-dev && \
@@ -33,6 +33,8 @@ ENV KUBERNETES_META "true"
 ENV READ_FROM_HEAD "true"
 ENV FLUENTD_SOURCE "file"
 ENV FLUENTD_USER_CONFIG_DIR "/fluentd/conf.d/user"
+ENV MULTILINE_START_REGEXP "/^\w{3} \d{1,2}, \d{4}/"
+ENV CONCAT_SEPARATOR ""
 
 COPY ./conf.d/ /fluentd/conf.d/
 COPY ./etc/* /fluentd/etc/

diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ kubectl create -f fluentd.daemonset.yaml
 
 #### Helm
 
-A helm chart can also install the daemonset, secret, etc. 
+A helm chart can also install the daemonset, secret, etc.
 
 ```
 helm install --name sumo --set sumologic.collectorUrl=YOUR-URL-HERE stable/sumologic-fluentd
@@ -51,6 +51,8 @@ The following options can be configured as environment variables on the DaemonSe
   * json_merge - Same as json but if the container logs in json format to stdout it will merge in the container json log at the root level and remove the `log` field.
 * `KUBERNETES_META` - Include or exclude Kubernetes metadata such as namespace and pod_name if using json log format. (default `true`)
 * `READ_FROM_HEAD` - Start to read the logs from the head of file, not bottom. Only applies to containers log files. (default `true`). See [in_tail](http://docs.fluentd.org/v0.12/articles/in_tail#readfromhead) doc for more information.
+* `MULTILINE_START_REGEXP` - Regex to tell the `concat` plugin to use when merging multi-line messages. Defaults to Julian dates (e.g. Jul 29, 2017...)
+* `CONCAT_SEPARATOR` - The character to use to delimit lines within the final concat'd message. This defaults to "" since most multi-line messages contain a newline at the end of each line.
 * `EXCLUDE_PATH` - Files matching this pattern will be ignored by the in_tail plugin, and will not be sent to Kubernetes or Sumo Logic.  This can be a comma seperated list as well.  See [in_tail](http://docs.fluentd.org/v0.12/articles/in_tail#excludepath) doc for more information.
   * For example, setting EXCLUDE_PATH to the following would ignore all files matching /var/log/containers/*.log
 ```

diff --git a/conf.d/file/source.containers.conf b/conf.d/file/source.containers.conf
@@ -10,6 +10,13 @@
   read_from_head "#{ENV['READ_FROM_HEAD']}"
 </source>
 
+<filter containers.**>
+  @type concat
+  key log
+  multiline_start_regexp "#{ENV['MULTILINE_START_REGEXP']}"
+  separator "#{ENV['CONCAT_SEPARATOR']}"
+</filter>
+
 <filter containers.**>
   @type kubernetes_metadata
   annotation_match ["sumologic\.com.*"]

diff --git a/fluentd.daemonset.yaml b/fluentd.daemonset.yaml
@@ -1,15 +1,15 @@
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
-  name: fluentd
+  name: fluentd-sumologic
   labels:
-    app: fluentd
+    app: fluentd-sumologic
     version: v1
 spec:
   template:
     metadata:
       labels:
-        name: fluentd
+        name: fluentd-sumologic
     spec:
       volumes:
       - name: pos-files
@@ -41,4 +41,4 @@ spec:
           valueFrom:
             secretKeyRef:
               name: sumologic
-              key: collector-url
+              key: collector-url