inouetakuya/td-agent.conf

## td-agent.conf
# ステップバイステップで学ぶ Fluentd + GrowthForecast でグラフ作成まとめ - 彼女からは、おいちゃんと呼ばれています
# http://d.hatena.ne.jp/inouetakuya/20130216/1361015295

<source>
  type forward
</source>

<match apache.access>
  type copy

  <store>
    type file_alternative
    path /var/log/td-agent/httpd-access
    time_slice_format %Y%m%d
    output_include_time false
    output_include_tag false
    output_data_type attr:message
    add_newline true
  </store>

  <store>
    type parser
    add_prefix parsed
    format /^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<status>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<response_time>[^ ]*))?$/
    time_format %d/%b/%Y:%H:%M:%S %z
    key_name message
  </store>
</match>

<match parsed.apache.access>
  type copy

  <store>
    type file
    path /var/log/td-agent/parsed-httpd-access
  </store>

  <store>
    type rewrite
    remove_prefix parsed
    add_prefix filtered
    <rule>
      key path
      pattern ^\/(?:assets|thumbnails|favicon)
      ignore true
    </rule>
    <rule>
      key     status
      pattern ^(?!200)\d+$
      ignore  true
    </rule>
    <rule>
      key     method
      pattern ^(?!GET).+$
      ignore  true
    </rule>
  </store>
</match>

<match filtered.apache.access>
  type copy

  <store>
    type file
    path /var/log/td-agent/filtered-httpd-access
  </store>

  <store>
    type rewrite
    remove_prefix filtered
    add_prefix grouped
    <rule>
      key path
      pattern ^\/$
      replace /top
    </rule>
    <rule>
      key path
      pattern ^\/(top|videos|tags)
      append_to_tag true
      fallback others
    </rule>
  </store>
</match>

<match grouped.apache.access.**>
  type copy

  <store>
    type file
    path /var/log/td-agent/grouped-httpd-access
  </store>

  <store>
    type forest
    subtype amplifier_filter
    remove_prefix grouped
    <template>
      add_prefix amplified
      ratio 0.001
      key_names response_time
    </template>
  </store>
</match>

<match amplified.apache.access.**>
  type copy
  <store>
    type file
    path /var/log/td-agent/amplified-httpd-access
  </store>

  <store>
    type forest
    subtype numeric_monitor
    remove_prefix amplified.apache.access

    <template>
      unit minute
      tag apache.response_time.__TAG__
      aggregate all
      monitor_key response_time
      percentiles 90,95
    </template>
  </store>
</match>

<match apache.response_time.**>
  type copy

  <store>
    type file
    path /var/log/td-agent/httpd-response-time
  </store>

  <store>
    type growthforecast
    gfapi_url http://（GrowthForecast の IP アドレス）/api/
    service myservice
    tag_for section
    name_keys avg,max,min,percentile_90,percentile_95
  </store>
</match>

<match apache.error>
  type file_alternative
  path /var/log/td-agent/httpd-error
  time_slice_format %Y%m%d
  output_include_time false
  output_include_tag false
  output_data_type attr:message
  add_newline true
</match>
	# ステップバイステップで学ぶ Fluentd + GrowthForecast でグラフ作成まとめ - 彼女からは、おいちゃんと呼ばれています
	# http://d.hatena.ne.jp/inouetakuya/20130216/1361015295

	<source>
	type forward
	</source>

	<match apache.access>
	type copy

	<store>
	type file_alternative
	path /var/log/td-agent/httpd-access
	time_slice_format %Y%m%d
	output_include_time false
	output_include_tag false
	output_data_type attr:message
	add_newline true
	</store>

	<store>
	type parser
	add_prefix parsed
	format /^(?<host>[^ ]) [^ ] (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^ ]) +\S)?" (?<status>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])" (?<response_time>[^ ]*))?$/
	time_format %d/%b/%Y:%H:%M:%S %z
	key_name message
	</store>
	</match>

	<match parsed.apache.access>
	type copy

	<store>
	type file
	path /var/log/td-agent/parsed-httpd-access
	</store>

	<store>
	type rewrite
	remove_prefix parsed
	add_prefix filtered
	<rule>
	key path
	pattern ^\/(?:assets\|thumbnails\|favicon)
	ignore true
	</rule>
	<rule>
	key status
	pattern ^(?!200)\d+$
	ignore true
	</rule>
	<rule>
	key method
	pattern ^(?!GET).+$
	ignore true
	</rule>
	</store>
	</match>

	<match filtered.apache.access>
	type copy

	<store>
	type file
	path /var/log/td-agent/filtered-httpd-access
	</store>

	<store>
	type rewrite
	remove_prefix filtered
	add_prefix grouped
	<rule>
	key path
	pattern ^\/$
	replace /top
	</rule>
	<rule>
	key path
	pattern ^\/(top\|videos\|tags)
	append_to_tag true
	fallback others
	</rule>
	</store>
	</match>

	<match grouped.apache.access.**>
	type copy

	<store>
	type file
	path /var/log/td-agent/grouped-httpd-access
	</store>

	<store>
	type forest
	subtype amplifier_filter
	remove_prefix grouped
	<template>
	add_prefix amplified
	ratio 0.001
	key_names response_time
	</template>
	</store>
	</match>

	<match amplified.apache.access.**>
	type copy
	<store>
	type file
	path /var/log/td-agent/amplified-httpd-access
	</store>

	<store>
	type forest
	subtype numeric_monitor
	remove_prefix amplified.apache.access

	<template>
	unit minute
	tag apache.response_time.__TAG__
	aggregate all
	monitor_key response_time
	percentiles 90,95
	</template>
	</store>
	</match>

	<match apache.response_time.**>
	type copy

	<store>
	type file
	path /var/log/td-agent/httpd-response-time
	</store>

	<store>
	type growthforecast
	gfapi_url http://（GrowthForecast の IP アドレス）/api/
	service myservice
	tag_for section
	name_keys avg,max,min,percentile_90,percentile_95
	</store>
	</match>

	<match apache.error>
	type file_alternative
	path /var/log/td-agent/httpd-error
	time_slice_format %Y%m%d
	output_include_time false
	output_include_tag false
	output_data_type attr:message
	add_newline true
	</match>