jaimegag/fluent-bit-configmap-kafka.yaml

## fluent-bit-configmap-kafka.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: tanzu-system-logging
  labels:
    k8s-app: fluent-bit
data:
  # Configuration files: server, input, filters and output
  # ======================================================
  fluent-bit.conf: |
    [SERVICE]
        Flush         1
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020

    @INCLUDE input-kubernetes.conf
    @INCLUDE input-audit.conf
    @INCLUDE filter-kubernetes.conf
    @INCLUDE filter-record.conf
    @INCLUDE output-kafka.conf
  input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        Parser            cri
        DB                /var/log/flb_kube.db
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On
        Refresh_Interval  10
  input-audit.conf: |
    [INPUT]
        Name              tail
        Tag               kube_audit.*
        Path              /var/log/kubernetes/audit.log
        Parser            json
        DB                /var/log/flb_kube_audit.db
        Refresh_Interval  10
  filter-kubernetes.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           On
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  On
        K8S-Logging.Exclude Off
  filter-record.conf: |
    [FILTER]
        Name                record_modifier
        Match               *
        Record tkg_cluster <TKG_CLUSTER_NAME>
        Record tkg_instance <TKG_INSTANCE_NAME>
  output-kafka.conf: |
    [OUTPUT]
        Name           kafka
        Match          *
        Brokers        bitkafka-0.bitkafka-headless.default.svc.cluster.local:9092
        Topics         test
        Timestamp_Key  @timestamp
        Retry_Limit    false
        # hides errors "Receive failed: Disconnected" when kafka kills idle connections
        rdkafka.log.connection.close false
        # producer buffer is not included in http://fluentbit.io/documentation/0.12/configuration/memory_usage.html#estimating
        rdkafka.queue.buffering.max.kbytes 10240
        # for logs you'll probably want this to be 0 or 1, not more
        rdkafka.request.required.acks 1
        rdkafka.sasl.username user
        rdkafka.sasl.password pass
  parsers.conf: |
    [PARSER]
        Name   apache
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache2
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache_error
        Format regex
        Regex  ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

    [PARSER]
        Name   nginx
        Format regex
        Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   json
        Format json
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name        docker
        Format      json
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        # http://rubular.com/r/tjUt3Awgg4
        Name cri
        Format regex
        Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L%z

    [PARSER]
        Name        syslog-rfc5424
        Format      regex
        Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]|-)) (?<message>.+)$
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        Name        syslog-rfc3164-local
        Format      regex
        Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
        Time_Key    time
        Time_Format %b %d %H:%M:%S
        Time_Keep   On

    [PARSER]
        Name        syslog-rfc3164
        Format      regex
        Regex       /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
        Time_Key    time
        Time_Format %b %d %H:%M:%S
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        Name    kube-custom
        Format  regex
        Regex   (?<tag>[^.]+)?\.?(?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: fluent-bit-config
	namespace: tanzu-system-logging
	labels:
	k8s-app: fluent-bit
	data:
	# Configuration files: server, input, filters and output
	# ======================================================
	fluent-bit.conf: \|
	[SERVICE]
	Flush 1
	Log_Level info
	Daemon off
	Parsers_File parsers.conf
	HTTP_Server On
	HTTP_Listen 0.0.0.0
	HTTP_Port 2020

	@INCLUDE input-kubernetes.conf
	@INCLUDE input-audit.conf
	@INCLUDE filter-kubernetes.conf
	@INCLUDE filter-record.conf
	@INCLUDE output-kafka.conf
	input-kubernetes.conf: \|
	[INPUT]
	Name tail
	Tag kube.*
	Path /var/log/containers/*.log
	Parser cri
	DB /var/log/flb_kube.db
	Mem_Buf_Limit 5MB
	Skip_Long_Lines On
	Refresh_Interval 10
	input-audit.conf: \|
	[INPUT]
	Name tail
	Tag kube_audit.*
	Path /var/log/kubernetes/audit.log
	Parser json
	DB /var/log/flb_kube_audit.db
	Refresh_Interval 10
	filter-kubernetes.conf: \|
	[FILTER]
	Name kubernetes
	Match kube.*
	Kube_URL https://kubernetes.default.svc:443
	Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
	Kube_Tag_Prefix kube.var.log.containers.
	Merge_Log On
	Merge_Log_Key log_processed
	K8S-Logging.Parser On
	K8S-Logging.Exclude Off
	filter-record.conf: \|
	[FILTER]
	Name record_modifier
	Match *
	Record tkg_cluster <TKG_CLUSTER_NAME>
	Record tkg_instance <TKG_INSTANCE_NAME>
	output-kafka.conf: \|
	[OUTPUT]
	Name kafka
	Match *
	Brokers bitkafka-0.bitkafka-headless.default.svc.cluster.local:9092
	Topics test
	Timestamp_Key @timestamp
	Retry_Limit false
	# hides errors "Receive failed: Disconnected" when kafka kills idle connections
	rdkafka.log.connection.close false
	# producer buffer is not included in http://fluentbit.io/documentation/0.12/configuration/memory_usage.html#estimating
	rdkafka.queue.buffering.max.kbytes 10240
	# for logs you'll probably want this to be 0 or 1, not more
	rdkafka.request.required.acks 1
	rdkafka.sasl.username user
	rdkafka.sasl.password pass
	parsers.conf: \|
	[PARSER]
	Name apache
	Format regex
	Regex ^(?<host>[^ ]) [^ ] (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^\"]?)(?: +\S)?)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")?$
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name apache2
	Format regex
	Regex ^(?<host>[^ ]) [^ ] (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^ ]) +\S)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")?$
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name apache_error
	Format regex
	Regex ^\[[^ ]* (?<time>[^\]])\] \[(?<level>[^\]])\](?: \[pid (?<pid>[^\]])\])?( \[client (?<client>[^\]])\])? (?<message>.*)$

	[PARSER]
	Name nginx
	Format regex
	Regex ^(?<remote>[^ ]) (?<host>[^ ]) (?<user>[^ ]) \[(?<time>[^\]])\] "(?<method>\S+)(?: +(?<path>[^\"]?)(?: +\S)?)?" (?<code>[^ ]) (?<size>[^ ])(?: "(?<referer>[^\"])" "(?<agent>[^\"])")?$
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name json
	Format json
	Time_Key time
	Time_Format %d/%b/%Y:%H:%M:%S %z

	[PARSER]
	Name docker
	Format json
	Time_Key time
	Time_Format %Y-%m-%dT%H:%M:%S.%L
	Time_Keep On

	[PARSER]
	# http://rubular.com/r/tjUt3Awgg4
	Name cri
	Format regex
	Regex ^(?<time>[^ ]+) (?<stream>stdout\|stderr) (?<logtag>[^ ]) (?<message>.)$
	Time_Key time
	Time_Format %Y-%m-%dT%H:%M:%S.%L%z

	[PARSER]
	Name syslog-rfc5424
	Format regex
	Regex ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*)\]\|-)) (?<message>.+)$
	Time_Key time
	Time_Format %Y-%m-%dT%H:%M:%S.%L
	Time_Keep On

	[PARSER]
	Name syslog-rfc3164-local
	Format regex
	Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]) (?<ident>[a-zA-Z0-9_\/\.\-])(?:\[(?<pid>[0-9]+)\])?(?:[^\:]\:)? (?<message>.*)$
	Time_Key time
	Time_Format %b %d %H:%M:%S
	Time_Keep On

	[PARSER]
	Name syslog-rfc3164
	Format regex
	Regex /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]) (?<host>[^ ]) (?<ident>[a-zA-Z0-9_\/\.\-])(?:\[(?<pid>[0-9]+)\])?(?:[^\:]\:)? (?<message>.)$/
	Time_Key time
	Time_Format %b %d %H:%M:%S
	Time_Format %Y-%m-%dT%H:%M:%S.%L
	Time_Keep On

	[PARSER]
	Name kube-custom
	Format regex
	Regex (?<tag>[^.]+)?\.?(?<pod_name>[a-z0-9](?:[-a-z0-9][a-z0-9])?(?:\.[a-z0-9]([-a-z0-9][a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$