Project

fluent-plugin-parser-cri

0.12
There's a lot of open issues
No release in over a year
fluent-plugin-parser-crifluent/fluent-plugin-parser-criHomepageDocumentationSource CodeBug TrackerWiki
CRI log format parser for Fluentd
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
4,075,839
Stars
32
Forks
8
Watchers
17
 Releases
Current version
0.1.1
Total releases
2
First release
2020-12-18
Latest release
2021-06-14
 Issues
Open Issues
2
Closed Issues
5
Total Issues
7
Issue Closure Rate
71%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
6
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
Apache-2.0
Average date of last 50 commits
2021-12-17
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 2.1
rake
~> 13.0
test-unit
~> 3.3

Runtime

fluentd
>= 1
 Project Readme

fluent-plugin-parser-cri

Fluentd parser plugin to parse CRI logs.

CRI logs consist of time, stream, logtag and message parts like below:

2020-10-10T00:10:00.333333333Z stdout F Hello Fluentd

time: 2020-10-10T00:10:00.333333333Z
stream: stdout
logtag: F
message: Hello Fluentd

Installation

RubyGems

$ gem install fluent-plugin-parser-cri --no-document

Configuration

  • merge_cri_fields (bool) (optional): Put stream/logtag fields or not when <parse> section is specified. Default is true

<parse> section (optional)

Same as parser plugin configuration.

<parse>
  @type cri
  <parse>
    @type json
  </parse>
</parse>

This nested <parse> is used for parsing message part.

Log and configuration example

Basic case

<parse>
  @type cri
</parse>

With this configuration, following CRI log

2020-10-10T00:10:00.333333333Z stdout F Hello Fluentd

is parsed to

time: 2020-10-10T00:10:00.333333333Z
record: {"stream":"stdout","logtag":"F","message":"Hello Fluentd","time':'2020-10-10T00:10:00.333333333Z"}

Parse message part with parsers

By specifying <parse> section, you can parse message part with parser plugins.

<parse>
  @type cri
  <parse>
    @type json
    time_key time
    time_format %Y-%m-%dT%H:%M:%S.%L%z
    # keep_time_key true # if you want to keep "time" field, enable this parameter
  </parse>
</parse>

With this configuration, following CRI log

2020-10-10T00:10:00.333333333Z stdout F {"foo":"bar","num":100,"time":"2020-11-11T00:11:00.111111111Z"}

is parsed to

time: 2020-11-11T00:11:00.111111111Z
record: {"foo":"bar","num":100,"stream":"stdout","logtag":"F"}

If you don't need stream/logtag fields, set merge_cri_fields false like below:

<parse>
  @type cri
  merge_cri_fields false
  <parse>
    @type json
    time_key time
    time_format %Y-%m-%dT%H:%M:%S.%L%z
  </parse>
</parse>

Concatenate multiple message records into one

If you want to concatenate the following message records into one record, use @type concat filter plugin with use_partial_cri_logtag parameter.

2020-10-10 09:10:00.333333333 +0900 cri: {"stream":"stdout","logtag":"P","message":"This is first line","time":"2020-10-10T00:10:00.333333333Z"}
2020-10-10 09:11:00.333333333 +0900 cri: {"stream":"stdout","logtag":"F","message":"This is last line","time":"2020-10-10T00:11:00.333333333Z"}

See fluent-plugin-concat's usage in more details.

Copyright

  • Copyright(c) 2020- Fluentd project
  • License
    • Apache License, Version 2.0