Configuration
Copy and paste to fluent.conf or td-agent.conf
<source>
type tail
path /var/log/foo/bar.log
pos_file /var/log/td-agent/foo-bar.log.pos
tag foo.bar
format /(?<remote_addr>[^ ]*) - \[(?<proxy_protocol_addr>[^ ]*)\] - (?<remote_user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<request>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (?<upstream_addr>[^ ]*) (?<upstream_response_length>[^ ]*) (?<upstream_response_time>[^ ]*) (?<upstream_status>[^ ]*)/
time_format %d/%b/%Y:%H:%M:%S %z
</source>
type tail
path /var/log/foo/bar.log
pos_file /var/log/td-agent/foo-bar.log.pos
tag foo.bar
format /(?<remote_addr>[^ ]*) - \[(?<proxy_protocol_addr>[^ ]*)\] - (?<remote_user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<request>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (?<upstream_addr>[^ ]*) (?<upstream_response_length>[^ ]*) (?<upstream_response_time>[^ ]*) (?<upstream_status>[^ ]*)/
time_format %d/%b/%Y:%H:%M:%S %z
</source>
Data Inspector
Attributes
| Key | Value |
|---|---|
| time | 2017/11/10 00:12:42 +0000 |
Records
| Key | Value |
|---|---|
| remote_addr | 192.168.196.96 |
| proxy_protocol_addr | 192.168.196.97 |
| remote_user | redflex |
| method | GET |
| request | /api/v1/login/status |
| code | 200 |
| size | 92 |
| referer | https://dashboard.rts.onl/ |
| agent | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 |
| request_length | 550 |
| request_time | 0.002 |
| proxy_upstream_name | kube-system-kubernetes-dashboard-80 |
| upstream_addr | 100.112.15.1:9090 |
| upstream_response_length | 92 |
| upstream_response_time | 0.002 |
| upstream_status | 200 |