Difference between revisions of "Fluentbit Sumo Logic"
Revision as of 17:03, 27 May 2023
# Syslog & Sumo

## Docs

- https://help.sumologic.com/docs/send-data/hosted-collectors/http-source/otlp/

## docker-compose.yaml

```yaml
version: "3.7"
services:
  fluent-bit:
    image: fluent/fluent-bit
    ports:
      # Publishes only the TCP listener; add "16443:5140/udp" to publish the UDP one as well
      - "16443:5140"
    volumes:
      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
```

## fluent-bit.conf

```
[SERVICE]
    Flush        1
    # parsers.conf ships with the image in /fluent-bit/etc and defines syslog-rfc5424
    Parsers_File parsers.conf

# One input per transport; both listen on the same port
[INPUT]
    Name   syslog
    # Parser syslog-rfc3164
    Parser syslog-rfc5424
    Listen 0.0.0.0
    Port   5140
    Mode   tcp

[INPUT]
    Name   syslog
    Parser syslog-rfc5424
    Listen 0.0.0.0
    Port   5140
    Mode   udp

# Echo every record locally for debugging
[OUTPUT]
    Name  stdout
    Match *

# Ship to the Sumo Logic OTLP/HTTP source over TLS
[OUTPUT]
    Name                 opentelemetry
    Match                *
    Host                 endpoint1.collection.us2.sumologic.com
    Port                 443
    # The Za...A4mw== path segment (truncated here) is the source's token and is the credential
    Metrics_uri          /receiver/v1/otlp/Za...A4mw==/v1/metrics
    Logs_uri             /receiver/v1/otlp/Za...A4mw==/v1/logs
    Traces_uri           /receiver/v1/otlp/Za..4mw==/v1/traces
    Log_response_payload True
    Tls                  On
```

## send.sh

```sh
#!/bin/sh
# Container IP on the compose network (not the published host port)
ip="172.19.0.2"
# util-linux logger sends RFC 5424 framing by default, matching the parser above
logger --tcp --port 5140 -n "$ip" "Test message tcp1"
logger --udp --port 5140 -n "$ip" "Test message udp1"
```

## Query

```
_collector=mycollector | where host = "myhost"
```

## Parsers & Notes

```
# Parser syslog-rfc3164
# [PARSER]
#     Name        syslog-rfc5424
#     Format      regex
#     Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|-)) (?<message>.+)$
#     Time_Key    time
#     Time_Format %Y-%m-%dT%H:%M:%S.%L
#     Time_Keep   On
#     Types       pid:integer
```
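Added check, not part of the original notes: run the syslog-rfc5424 regex from above against constructed sample lines to see which fields reach Sumo Logic and why an RFC 3164 sender needs the commented-out parser instead. Python's `re` requires `(?P<name>)` groups, so the regex is converted from Fluent Bit's Onigmo syntax; the PID conversion and facility/severity split approximate `Types pid:integer` and the syslog PRI rule (PRI = facility * 8 + severity).

```python
import re

# The syslog-rfc5424 regex from the notes above, in Fluent Bit's Onigmo syntax.
FLUENTBIT_RFC5424 = (
    r"^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) "
    r"(?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|-)) (?<message>.+)$"
)
# Python needs (?P<name>...) for named groups; nothing else differs for this pattern.
RFC5424 = re.compile(FLUENTBIT_RFC5424.replace("(?<", "(?P<"))

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_rfc5424(line: str):
    """Return the record the syslog-rfc5424 parser would emit for `line`, or None."""
    m = RFC5424.match(line)
    if m is None:
        return None  # e.g. RFC 3164 input: needs the syslog-rfc3164 parser instead
    rec = m.groupdict()  # named groups only; the inner unnamed groups are dropped
    # Approximates 'Types pid:integer'; "-" means the sender gave no PID
    rec["pid"] = int(rec["pid"]) if rec["pid"].isdigit() else None
    # PRI = facility * 8 + severity (RFC 5424 section 6.2.1)
    rec["facility"], rec["severity"] = divmod(int(rec["pri"]), 8)
    rec["severity_name"] = SEVERITIES[rec["severity"]]
    return rec


# Constructed samples (hypothetical host/timestamps): roughly what util-linux logger
# emits for send.sh by default (RFC 5424 with a timeQuality element), a line with a
# numeric PID, and the same message in RFC 3164 form as sent by `logger --rfc3164`.
SAMPLE_5424 = ('<13>1 2023-05-27T17:03:00.000000+00:00 myhost root - - '
               '[timeQuality tzKnown="1" isSynced="1"] Test message tcp1')
SAMPLE_PID = "<30>1 2023-05-27T17:03:01Z myhost cron 4242 - - job finished"
SAMPLE_3164 = "<13>May 27 17:03:00 myhost root: Test message tcp1"


if __name__ == "__main__":
    for sample in (SAMPLE_5424, SAMPLE_PID, SAMPLE_3164):
        print(sample)
        print("  ->", parse_rfc5424(sample))
```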