Project

fluent-plugin-notifier

0.01
No commit activity in last 3 years
No release in over 3 years
fluent-plugin-notifiertagomoris/fluent-plugin-notifierHomepageDocumentationSource CodeBug TrackerWiki
check matched messages and emit alert message with throttling by conditions...
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
185,169
Stars
18
Forks
4
Watchers
3
 Releases
Current version
1.0.0
Total releases
10
First release
2012-05-15
Latest release
2017-02-01
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
4
Merged Pull Requests
7
Pull Request Acceptance Rate
63%
 Development
Primary Language
Ruby
Licenses
Apache-2.0
Average date of last 50 commits
2015-08-06
Reverse Dependencies
0

 Dependencies

Development

rake
>= 0
test-unit
~> 3.0

Runtime

fluentd
>= 0.14.0
 Project Readme

fluent-plugin-notifier

Fluentd plugin to emit notifications for messages, with numbers over/under threshold, or specified pattern strings.

Requirements

fluent-plugin-notifier fluentd ruby
>= 1.0.0 >= v0.14.0 >= 2.1
< 1.0.0 < v0.14.0 >= 1.9

Configuration

To notify apache logs with over 1000000 (microseconds) duration for CRITICAL , or status '500' by string pattern match:

<match apache.log.**>
  @type notifier
  @label @notification_events
  <def>
    pattern apache_duration
    check numeric_upward
    warn_threshold  800000
    crit_threshold 1000000
    target_keys duration
  </def>
  <def>
    pattern status_500
    check string_find
    warn_regexp 5\d\d
    crit_regexp 500
    target_key_pattern ^status.*$
    exclude_key_pattern ^status_ignore_.*$  # key name not to notify about...
  </def>
</match>

With this configuration, you will get notification messages in <label @notification_events> section, like this:

2012-05-15 19:44:29 +0900 notification: {"pattern":"apache_duration","target_tag":"apache.log.xxx","target_key":"duration","check_type":"numeric_upward","level":"crit","threshold":1000000,"value":"1057231","message_time":"2012-05-15 19:44:27 +0900"}
2012-05-15 19:44:29 +0900 notification: {"pattern":"status_500","target_tag":"apache.log.xxx","target_key":"status","check_type":"string_find","level":"crit","regexp":"/500/","value":"500","message_time":"2012-05-15 19:44:27 +0900"}

Available 'check' types: 'numeric_upward', 'numeric_downward' and 'string_find'

Default configurations:

  • tag: 'notification'
    • in top level, 'default_tag', 'default_tag_warn,' and 'default_tag_crit' available
    • in each section, 'tag', 'tag_warn' and 'tag_crit' available
  • notification suppression
    • at first, notified once in 1 minute, 5 times
    • next, notified once in 5 minutes, 5 times
    • last, notified once in 30 minutes
    • in top level, 'default_interval_1st', 'default_interval_2nd', 'default_interval_3rd', 'default_repetitions_1st' and 'default_repetitions_2nd' available
    • in each section, 'interval_1st', 'interval_2nd', 'interval_3rd', 'repetitions_1st' and 'repetitions_2nd' available

If you want to get every 5 minutes notifications (after 1 minutes notifications), specify '0' for 'repetitions_2nd'.

Message Testing

To include specified messages into check target, or to exclude specified messages from check target, directive is useful.

<match apache.log.**>
  @type notifier
  @label @notifications
  <test>
    check numeric
    target_key duration     # microseconds
    lower_threshold 5000    # 5ms
    upper_threshold 5000000 # 5s
  </test>
  <def>
    pattern status_500
    check string_find
    warn_regexp 5\d\d
    crit_regexp 500
    target_key_pattern ^status.*$
  </def>
</match>

<label @notifications>
  <match **>
    # send notifications to Slack, email or ...
  </match>
</label>

With configuration above, fluent-plugin-notifier checks messages with specified duration value (d: 5000 <= d <= 5000000), and others are ignored.

Available 'check' types are: 'numeric', 'regexp' and 'tag'.

  • numeric
    • 'lower_threshold', 'upper_threshold' and both are available
  • regexp, tag
    • 'include_pattern', 'exclude_pattern' and both are available
    • 'tag' checks tag strings after 'input_tag_remove_prefix'

Multiple directives means logical AND of each tests.

<match apache.log.**>
  @type notifier
  @label @notifications
  input_tag_remove_prefix apache.log
  <test>
    check tag
    include_pattern ^news[123]$ # for specified web server log
  </test>
  <test>
    check numeric
    target_key duration     # microseconds
    lower_threshold 5000    # 5ms
  </test>
  <test>
    check regexp
    target_key vhost
    exclude_pattern ^image.news.example.com$  # ingore image delivery server log
  </test>
  <test>
    check regexp
    target_key path
    include_pattern ^/path/to/contents/    # for specified content path only
    exclude_pattern \.(gif|jpg|png|swf)$   # but image files are ignored
  </test>
  <def>
    pattern status_500
    check string_find
    warn_regexp 5\d\d
    crit_regexp 500
    target_key_pattern ^status.*$
  </def>
</match>

Notifier plugin configured like this will check messages:

  • with tag 'apache.log.news1', 'apache.log.news2' or 'apache.log.news3'
  • with duration bigger than 5ms (upper unlimited)
  • without vhost image.news.example.com
  • with request path '/path/to/contents/*' and without file suffix gif/jpg/png/swf.

TODO

  • patches welcome!

Copyright

  • Copyright
    • Copyright (c) 2012- TAGOMORI Satoshi (tagomoris)
  • License
    • Apache License, Version 2.0