Created
April 8, 2020 13:26
-
-
Save phnahes/5ea83b00976f625f3e8e955db3231d2f to your computer and use it in GitHub Desktop.
Fluentd configuration for dnsquery logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <source> | |
| @type tail | |
| path "/var/log/named/dnsquery.log" | |
| pos_file "/var/log/td-agent/dnsquery.pos" | |
| tag "es.dnsquery" | |
| format /^(?<time>[^ ]* [^ ]*) [^.]* (?<ip>[^ ][^#]*).(?<port>[^ ][^ ]*). [^ ]* [^ ]* (?<fqdn>[^ ]*) (?<rectype>[^ ]* [^ ]* [^ ]*) (?<dnsserver>[^ ]*\d*)$/ | |
| time_format %d-%b-%Y %H:%M:%S.%L | |
| </source> | |
| <match es.**> | |
| @type "aws-elasticsearch-service" | |
| #type_name "access_log" | |
| logstash_format true | |
| include_tag_key true | |
| tag_key "@log_name" | |
| flush_interval 1s | |
| bulk_message_request_threshold 1M | |
| <buffer> | |
| flush_thread_count 8 | |
| flush_interval 2s | |
| chunk_limit_size 8M | |
| queue_limit_length 64 | |
| retry_max_interval 30 | |
| retry_forever true | |
| </buffer> | |
| <endpoint> | |
| url https://<elasticsearch> | |
| region sa-east-1 | |
| # access_key_id "secret" | |
| # # secret_access_key "seekret" | |
| </endpoint> | |
| </match> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment