Fluentular: a Fluentd regular expression editor

Example (Apache)

Regular expression:

^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$

Time Format:

%d/%b/%Y:%H:%M:%S %z

Configuration

Copy and paste to fluent.conf or td-agent.conf

<source>
  type tail
  path /var/log/foo/bar.log
  pos_file /var/log/td-agent/foo-bar.log.pos
  tag foo.bar
  format /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\]/
</source>

Data Inspector

Attributes

Key	Value
time	2024/04/23 18:44:16 +0000

Records

Key	Value
remote	173.245.62.248
host	-
user	-