mgoodness/fluentd-config.yaml

## fluentd-config.yaml
---
kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    app: fluentd
  name: fluentd-cloudwatch-logs
  namespace: kube-system
data:
  aws-region: us-east-1
  td-agent-config: |
    <source>
      @type tail
      format json
      path /var/log/containers/*.log
      pos_file /var/log/containers.log.pos
      read_from_head true
      tag kubernetes.*
      time_format %Y-%m-%dT%H:%M:%S.%NZ
    </source>

    <source>
      @type systemd
      path /var/log/journal
      pos_file /var/log/systemd.pos
      read_from_head true
      strip_underscores true
      tag systemd
    </source>

    <filter kubernetes.var.log.containers.*.log>
      @type kubernetes_metadata
      preserve_json_log false
    </filter>

    <filter kubernetes.var.log.containers.*.log>
      @type record_transformer
      enable_ruby
      <record>
        kubernetes_pod_name ${tag_parts[4].gsub(/(?<pod_name>[^\._]+).+/, '\k<pod_name>')}
        kubernetes_container_name ${tag_parts[4].gsub(/.+_.+_(?<container_name>.+)-.+/, '\k<container_name>')}
      </record>
    </filter>

    <match kubernetes.var.log.containers.*.log>
      @type rewrite_tag_filter
      rewriterule1 logger_name ^com\.widen\.metrics\.(.+)\..*$ metrics.$1
      rewriterule2 kubernetes_pod_name .+ k8s
    </match>

    <match fluent.**>
      @type null
    </match>

    <match metrics.**>
      @type cloudwatch_logs
      auto_create_stream true
      log_stream_name_key kubernetes_pod_name
      remove_log_stream_name_key true
      use_tag_as_group true
    </match>

    <match k8s>
      @type cloudwatch_logs
      auto_create_stream true
      log_group_name_key kubernetes_container_name
      log_stream_name_key kubernetes_pod_name
      remove_log_group_name_key true
      remove_log_stream_name_key true
    </match>

    <match systemd>
      @type cloudwatch_logs
      auto_create_stream true
      log_group_name stage-systemd
      log_stream_name %{hostname}
    </match>
	---
	kind: ConfigMap
	apiVersion: v1
	metadata:
	labels:
	app: fluentd
	name: fluentd-cloudwatch-logs
	namespace: kube-system
	data:
	aws-region: us-east-1
	td-agent-config: \|
	<source>
	@type tail
	format json
	path /var/log/containers/*.log
	pos_file /var/log/containers.log.pos
	read_from_head true
	tag kubernetes.*
	time_format %Y-%m-%dT%H:%M:%S.%NZ
	</source>

	<source>
	@type systemd
	path /var/log/journal
	pos_file /var/log/systemd.pos
	read_from_head true
	strip_underscores true
	tag systemd
	</source>

	<filter kubernetes.var.log.containers.*.log>
	@type kubernetes_metadata
	preserve_json_log false
	</filter>

	<filter kubernetes.var.log.containers.*.log>
	@type record_transformer
	enable_ruby
	<record>
	kubernetes_pod_name ${tag_parts[4].gsub(/(?<pod_name>[^\._]+).+/, '\k<pod_name>')}
	kubernetes_container_name ${tag_parts[4].gsub(/.+_.+_(?<container_name>.+)-.+/, '\k<container_name>')}
	</record>
	</filter>

	<match kubernetes.var.log.containers.*.log>
	@type rewrite_tag_filter
	rewriterule1 logger_name ^com\.widen\.metrics\.(.+)\..*$ metrics.$1
	rewriterule2 kubernetes_pod_name .+ k8s
	</match>

	<match fluent.**>
	@type null
	</match>

	<match metrics.**>
	@type cloudwatch_logs
	auto_create_stream true
	log_stream_name_key kubernetes_pod_name
	remove_log_stream_name_key true
	use_tag_as_group true
	</match>

	<match k8s>
	@type cloudwatch_logs
	auto_create_stream true
	log_group_name_key kubernetes_container_name
	log_stream_name_key kubernetes_pod_name
	remove_log_group_name_key true
	remove_log_stream_name_key true
	</match>

	<match systemd>
	@type cloudwatch_logs
	auto_create_stream true
	log_group_name stage-systemd
	log_stream_name %{hostname}
	</match>