Fluentbit Sumo Logic


Syslog & Sumo Logic — Fluent Bit as a syslog/JSON collector that forwards to Sumo Logic's OTLP HTTP receiver

Docs

docker-compose.yaml

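# Runs Fluent Bit as a network log collector; listeners are defined in fluent-bit.conf.
# The `version` key is ignored (with a warning) by current Compose v2 but kept for
# older docker-compose releases.
version: "3.7"

services:
  fluent-bit:
    # Untagged image floats with :latest. Pin a tag (ideally a digest) so that
    # an upgrade of the collector is a deliberate change, not a side effect of `pull`.
    image: fluent/fluent-bit
    ports:
      # Host 16443 -> container 5140: syslog over TCP ([INPUT] syslog, Mode tcp).
      - "16443:5140"
      # fluent-bit.conf also has a UDP syslog listener on 5140; without a /udp
      # mapping it is only reachable on the container's bridge IP (as send.sh
      # does), never through the host port.
      - "16443:5140/udp"
      # JSON-over-TCP input. Every listener is unauthenticated: anything that can
      # reach these ports can inject records into the pipeline. Prefix with a host
      # interface (e.g. "127.0.0.1:5170:5170") unless remote senders are intended —
      # Docker typically programs its own iptables rules for published ports, so
      # host-level INPUT-chain firewalling does not reliably cover them.
      - "5170:5170"
    volumes:
      # Read-only: the container has no reason to modify its own config, and the
      # file carries the Sumo Logic receiver token (see fluent-bit.conf).
      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro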

fluent-bit.conf

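# Fluent Bit classic config: two syslog listeners (TCP and UDP on 5140) and one
# JSON-over-TCP listener (5170), fanned out to stdout and to Sumo Logic's OTLP
# receiver. None of the inputs authenticate the sender; restrict who can reach
# the ports (see docker-compose.yaml) rather than relying on anything in here.
[SERVICE]
    Flush        1
    # Resolved from the image's /fluent-bit/etc/parsers.conf — only fluent-bit.conf
    # is bind-mounted by docker-compose.yaml.
    Parsers_File parsers.conf

[INPUT]
    Name        tcp
    # 0.0.0.0 is required inside the container (traffic arrives on the bridge
    # interface); limit exposure with the host-side port binding, not here.
    Listen      0.0.0.0
    Port        5170
    # Sizes are in KB. Buffer_Size caps a single record, which is also what keeps
    # an untrusted sender from growing this input's memory without bound.
    Chunk_Size  32
    Buffer_Size 64
    # One JSON object per line is expected (compare send.sh).
    Format      json


[INPUT]
    Name     syslog
    # Parser   syslog-rfc3164
    # Messages must be RFC 5424 framed; BSD-style (RFC 3164) senders need the
    # commented parser instead. Both parser names come from parsers.conf.
    Parser   syslog-rfc5424
    Listen   0.0.0.0
    Port     5140
    Mode     tcp

[INPUT]
    Name     syslog
    Parser   syslog-rfc5424
    Listen   0.0.0.0
    Port     5140
    # The `host` field in the parsed record comes from the message itself, so it
    # is sender-controlled on both TCP and UDP; UDP additionally lets the source
    # address be spoofed. Do not treat `host` (as used in the Sumo query) as
    # verified identity.
    Mode     udp

[OUTPUT]
    Name      stdout
    # Echoes every record into the container's stdout / Docker log driver.
    # Useful while debugging, but it duplicates all collected data (including
    # whatever senders put in messages); remove once the pipeline works.
    Match     *

[OUTPUT]
    Name                 opentelemetry
    Match                *
    Host                 endpoint1.collection.us2.sumologic.com
    Port                 443
    # The opaque path segment after /receiver/v1/otlp/ is the Sumo Logic receiver
    # token: anyone holding it can push data into this account. Treat this file
    # as a secret (the values shown here are redacted). Fluent Bit expands
    # ${ENV_VAR} in classic config, so the token can be kept out of the file and
    # supplied through the container environment instead.
    Metrics_uri          /receiver/v1/otlp/Za...A4mw==/v1/metrics
    Logs_uri             /receiver/v1/otlp/Za...A4mw==/v1/logs
    Traces_uri           /receiver/v1/otlp/Za..4mw==/v1/traces
    # Writes the receiver's HTTP response body to Fluent Bit's own log; handy
    # while debugging delivery, noise afterwards.
    Log_response_payload True
    # HTTPS to the Sumo endpoint. tls.verify already defaults to On; it is stated
    # explicitly so a later edit cannot silently disable certificate checking.
    Tls                  On
    tls.verify           On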

send.sh

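#!/usr/bin/env sh
# Smoke-test the three Fluent Bit listeners defined in fluent-bit.conf.
# The syslog tests target the container's bridge address directly on the
# container port 5140 (no host mapping needed); the JSON test goes through the
# published host port 5170.
set -eu

# Bridge IP of the fluent-bit container — look it up with `docker inspect`;
# it may change when the container is recreated.
ip="172.19.0.2"

logger --tcp --port 5140 -n "$ip" "Test message tcp1"
logger --udp --port 5140 -n "$ip" "Test message udp1"
# One JSON object per line, as the tcp input's `Format json` expects. `-q 3`
# (quit 3 s after EOF) is not supported by every netcat (ncat lacks it); use
# `-w` there.
echo '{"key 1": 123456789, "key 2": "abcdefg"}' | nc -q 3 127.0.0.1 5170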

Query

_collector=mycollector | where host = "myhost"

Parsers & Notes

 # Parser   syslog-rfc3164
# Reference copy of the rfc5424 parser the syslog inputs above name. It stays
# commented out: the live definition is presumably the one in the image's
# parsers.conf (referenced via Parsers_File), not this file.
# NOTE(review): Time_Format here ends at %L (milliseconds) with no %z; if the
# senders (or the upstream parser) include a timezone offset, timestamps parsed
# with this copy would not match — confirm before uncommenting it.
# [PARSER]
#     Name        syslog-rfc5424
#     Format      regex
#     Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|-)) (?<message>.+)$
#     Time_Key    time
#     Time_Format %Y-%m-%dT%H:%M:%S.%L
#     Time_Keep   On
#     Types pid:integer