Difference between revisions of "Fluentbit Sumo Logic"

From UVOO Tech Wiki
Jump to navigation Jump to search
(Created page with "# Syslog & Sumo ## docker-compose.yaml ``` version: "3.7" services: fluent-bit: image: fluent/fluent-bit ports: - "16443:5140" volumes: - ./fluent-...")
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
# Syslog & Sumo
 
# Syslog & Sumo
 +
 +
## Docs
 +
- https://help.sumologic.com/docs/send-data/hosted-collectors/http-source/otlp/
  
 
## docker-compose.yaml
 
## docker-compose.yaml
Line 10: Line 13:
 
     ports:
 
     ports:
 
       - "16443:5140"
 
       - "16443:5140"
 +
      - "5170:5170"
 
     volumes:
 
     volumes:
 
       - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
 
       - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
Line 20: Line 24:
 
     Flush        1
 
     Flush        1
 
     Parsers_File parsers.conf
 
     Parsers_File parsers.conf
 +
 +
[INPUT]
 +
    Name        tcp
 +
    Listen      0.0.0.0
 +
    Port        5170
 +
    Chunk_Size  32
 +
    Buffer_Size 64
 +
    Format      json
  
  
Line 58: Line 70:
 
logger --tcp --port 5140 -n $ip "Test message tcp1"
 
logger --tcp --port 5140 -n $ip "Test message tcp1"
 
logger --udp --port 5140 -n $ip "Test message udp1"
 
logger --udp --port 5140 -n $ip "Test message udp1"
 +
echo '{"key 1": 123456789, "key 2": "abcdefg"}' | nc -q 3 127.0.0.1 5170
  
 
```
 
```

Latest revision as of 17:33, 27 May 2023

Syslog & Sumo

Docs

docker-compose.yaml

version: "3.7"

services:
  fluent-bit:
    image: fluent/fluent-bit
    ports:
      - "16443:5140"
      - "5170:5170"
    volumes:
      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf

fluent-bit.conf

[SERVICE]
    Flush        1
    Parsers_File parsers.conf

[INPUT]
    Name        tcp
    Listen      0.0.0.0
    Port        5170
    Chunk_Size  32
    Buffer_Size 64
    Format      json


[INPUT]
    Name     syslog
    # Parser   syslog-rfc3164
    Parser   syslog-rfc5424
    Listen   0.0.0.0
    Port     5140
    Mode     tcp

[INPUT]
    Name     syslog
    Parser   syslog-rfc5424
    Listen   0.0.0.0
    Port     5140
    Mode     udp

[OUTPUT]
    Name      stdout
    Match     *

[OUTPUT]
    Name                 opentelemetry
    Match                *
    Host                 endpoint1.collection.us2.sumologic.com
    Port                 443
    Metrics_uri          /receiver/v1/otlp/Za...A4mw==/v1/metrics
    Logs_uri             /receiver/v1/otlp/Za...A4mw==/v1/logs
    Traces_uri           /receiver/v1/otlp/Za..4mw==/v1/traces
    Log_response_payload True
    Tls                  On

send.sh

ip="172.19.0.2"
logger --tcp --port 5140 -n $ip "Test message tcp1"
logger --udp --port 5140 -n $ip "Test message udp1"
echo '{"key 1": 123456789, "key 2": "abcdefg"}' | nc -q 3 127.0.0.1 5170

Query

_collector=mycollector | where host = "myhost"

Parsers & Notes

 # Parser   syslog-rfc3164
# [PARSER]
#     Name        syslog-rfc5424
#     Format      regex
#     Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|-)) (?<message>.+)$
#     Time_Key    time
#     Time_Format %Y-%m-%dT%H:%M:%S.%L
#     Time_Keep   On
#     Types pid:integer
Retrieved from "https://tech.uvoo.io/index.php?title=Fluentbit_Sumo_Logic&oldid=4264"