beholder-fluentd-plugin 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c03a4c467ac2112d3ac1af80b66bf88b3f0cf27fec9c5bc8f919f04b3ccf3bdc
+  data.tar.gz: 2d9c3b5aaf2d762215f74b5cdc7ff46113b5226449ac4f5b9283169ec6c735e8
+SHA512:
+  metadata.gz: 5ff735035ba9b1d5ec466c457827e04a7f40ffebf34492491cb23ac751fa0bb7b52abbaed13158134f47b91afb6e32ff0272882235c55239f2396b095f7444b4
+  data.tar.gz: dc1209a43605b50a4d5b15fc995256097644a8ad0eaabc081500c15218c8e8be0a583750682e7e6315f90567ae1ef0eeb1bb938a7b3d79b74373e309915469b5

data/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,89 @@
+# Fluentd output plugin
+
+[Fluentd](https://fluentd.org/) is a data collector for unified logging layer, it can be configured with the Loki output plugin, provided in this folder, to ship logs to Loki.
+
+See [docs/client/fluentd/README.md](../../docs/sources/clients/fluentd/_index.md) for detailed information.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `ruby -S bundle exec rake install`. To release a new version, update the version number in `fluent-plugin-grafana-loki.gemspec`, and then run `ruby -S bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+To create the gem: `ruby -S gem build fluent-plugin-grafana-loki.gemspec`
+
+Useful additions:
+
+```bash
+ruby -S gem install rubocop
+```
+
+## Testing
+
+Start Loki using:
+
+```bash
+docker run -it -p 3100:3100 grafana/loki:latest
+```
+
+Verify that Loki accept and stores logs:
+
+```bash
+curl -H "Content-Type: application/json" -XPOST -s "http://localhost:3100/loki/api/v1/push" --data-raw "{\"streams\": [{\"stream\": {\"job\": \"test\"}, \"values\": [[\"$(date +%s)000000000\", \"fizzbuzz\"]]}]}"
+curl "http://localhost:3100/loki/api/v1/query_range" --data-urlencode 'query={job="test"}' --data-urlencode 'step=300' | jq .data.result
+```
+
+The expected output is:
+
+```json
+[
+  {
+    "stream": {
+      "job": "test"
+    },
+    "values": [
+      [
+        "1588337198000000000",
+        "fizzbuzz"
+      ]
+    ]
+  }
+]
+```
+
+Start and send test logs with Fluentd using:
+
+```bash
+LOKI_URL=http://{{ IP }}:3100 make fluentd-test
+```
+
+Verify that syslogs are being feeded into Loki:
+
+```bash
+curl "http://localhost:3100/loki/api/v1/query_range" --data-urlencode 'query={job="fluentd"}' --data-urlencode 'step=300' | jq .data.result
+```
+
+The expected output is:
+
+```json
+[
+  {
+    "stream": {
+      "job": "fluentd"
+    },
+    "values": [
+      [
+        "1588336950379591919",
+        "log=\"May  1 14:42:30 ibuprofen avahi-daemon[859]: New relevant interface vethb503225.IPv6 for mDNS.\""
+      ],
+      ...
+    ]
+  }
+]
+```
+
+## Copyright
+
+* Copyright(c) 2018- Grafana Labs
+* License
+  * Apache License, Version 2.0

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'gems/fluent/plugin/out_loki'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ruby --version
+echo ""
+ruby -S gem install bundler --version 2.3.4
+ruby -S bundle config set --local path $(pwd)/vendor/bundle
+ruby -S bundle install

data/bin/test

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ruby -S bundle exec rspec

data/lib/fluent/plugin/out_loki.rb

@@ -0,0 +1,368 @@
+# frozen_string_literal: true
+
+#
+# Copyright 2018- Grafana Labs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'fluent/env'
+require 'fluent/plugin/output'
+require 'net/http'
+require 'yajl'
+require 'time'
+
+module Fluent
+  module Plugin
+    # Subclass of Fluent Plugin Output
+    class LokiOutput < Fluent::Plugin::Output # rubocop:disable Metrics/ClassLength
+      Fluent::Plugin.register_output('loki', self)
+
+      class LogPostError < StandardError; end
+
+      helpers :compat_parameters, :record_accessor
+
+      attr_accessor :record_accessors
+
+      DEFAULT_BUFFER_TYPE = 'memory'
+
+      desc 'Loki API base URL'
+      config_param :url, :string, default: 'https://logs-prod-us-central1.grafana.net'
+
+      desc 'Authentication: basic auth credentials'
+      config_param :username, :string, default: nil
+      config_param :password, :string, default: nil, secret: true
+
+      desc 'Authentication: Authorization header with Bearer token scheme'
+      config_param :bearer_token_file, :string, default: nil
+
+      desc 'TLS: parameters for presenting a client certificate'
+      config_param :cert, :string, default: nil
+      config_param :key, :string, default: nil
+
+      desc 'TLS: CA certificate file for server certificate verification'
+      config_param :ca_cert, :string, default: nil
+
+      desc 'TLS: disable server certificate verification'
+      config_param :insecure_tls, :bool, default: false
+
+      desc 'Loki tenant id'
+      config_param :tenant, :string, default: nil
+
+      desc 'extra labels to add to all log streams'
+      config_param :extra_labels, :hash, default: {}
+
+      desc 'format to use when flattening the record to a log line'
+      config_param :line_format, :enum, list: %i[json key_value], default: :key_value
+
+      desc 'extract kubernetes labels as loki labels'
+      config_param :extract_kubernetes_labels, :bool, default: false
+
+      desc 'comma separated list of needless record keys to remove'
+      config_param :remove_keys, :array, default: %w[], value_type: :string
+
+      desc 'if a record only has 1 key, then just set the log line to the value and discard the key.'
+      config_param :drop_single_key, :bool, default: false
+
+      desc 'whether or not to include the fluentd_thread label when multiple threads are used for flushing'
+      config_param :include_thread_label, :bool, default: true
+
+      config_section :buffer do
+        config_set_default :@type, DEFAULT_BUFFER_TYPE
+        config_set_default :chunk_keys, []
+      end
+
+      # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def configure(conf)
+        compat_parameters_convert(conf, :buffer)
+        super
+        @uri = URI.parse("#{@url}/loki/api/v1/push")
+        unless @uri.is_a?(URI::HTTP) || @uri.is_a?(URI::HTTPS)
+          raise Fluent::ConfigError, 'URL parameter must have HTTP/HTTPS scheme'
+        end
+
+        @record_accessors = {}
+        conf.elements.select { |element| element.name == 'label' }.each do |element|
+          element.each_pair do |k, v|
+            element.has_key?(k) # rubocop:disable Style/PreferredHashMethods #to suppress unread configuration warning
+            v = k if v.empty?
+            @record_accessors[k] = record_accessor_create(v)
+          end
+        end
+        @remove_keys_accessors = []
+        @remove_keys.each do |key|
+          @remove_keys_accessors.push(record_accessor_create(key))
+        end
+
+        # If configured, load and validate client certificate (and corresponding key)
+        if client_cert_configured?
+          load_client_cert
+          validate_client_cert_key
+        end
+
+        if !@bearer_token_file.nil? && !File.exist?(@bearer_token_file)
+          raise "bearer_token_file #{@bearer_token_file} not found"
+        end
+
+        @auth_token_bearer = nil
+        unless @bearer_token_file.nil?
+          raise "bearer_token_file #{@bearer_token_file} not found" unless File.exist?(@bearer_token_file)
+
+          # Read the file once, assume long-lived authentication token.
+          @auth_token_bearer = File.read(@bearer_token_file)
+          raise "bearer_token_file #{@bearer_token_file} is empty" if @auth_token_bearer.empty?
+
+          log.info "will use Bearer token from bearer_token_file #{@bearer_token_file} in Authorization header"
+        end
+
+        raise "CA certificate file #{@ca_cert} not found" if !@ca_cert.nil? && !File.exist?(@ca_cert)
+      end
+      # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      def client_cert_configured?
+        !@key.nil? && !@cert.nil?
+      end
+
+      def load_client_cert
+        @cert = OpenSSL::X509::Certificate.new(File.read(@cert)) if @cert
+        @key = OpenSSL::PKey.read(File.read(@key)) if @key
+      end
+
+      def validate_client_cert_key
+        if !@key.is_a?(OpenSSL::PKey::RSA) && !@key.is_a?(OpenSSL::PKey::DSA)
+          raise "Unsupported private key type #{key.class}"
+        end
+      end
+
+      def multi_workers_ready?
+        true
+      end
+
+      # flush a chunk to loki
+      def write(chunk)
+        # streams by label
+        payload = generic_to_loki(chunk)
+        body = { 'streams' => payload }
+
+        tenant = extract_placeholders(@tenant, chunk) if @tenant
+
+        # add ingest path to loki url
+        res = loki_http_request(body, tenant)
+
+        if res.is_a?(Net::HTTPSuccess)
+          log.debug "POST request was responded to with status code #{res.code}"
+          return
+        end
+
+        res_summary = "#{res.code} #{res.message} #{res.body}"
+        log.warn "failed to write post to #{@uri} (#{res_summary})"
+        log.debug Yajl.dump(body)
+
+        # Only retry 429 and 500s
+        raise(LogPostError, res_summary) if res.is_a?(Net::HTTPTooManyRequests) || res.is_a?(Net::HTTPServerError)
+      end
+
+      def http_request_opts(uri)
+        opts = {
+          use_ssl: uri.scheme == 'https'
+        }
+
+        # Optionally disable server server certificate verification.
+        if @insecure_tls
+          opts = opts.merge(
+            verify_mode: OpenSSL::SSL::VERIFY_NONE
+          )
+        end
+
+        # Optionally present client certificate
+        if !@cert.nil? && !@key.nil?
+          opts = opts.merge(
+            cert: @cert,
+            key: @key
+          )
+        end
+
+        # For server certificate verification: set custom CA bundle.
+        # Only takes effect when `insecure_tls` is not set.
+        unless @ca_cert.nil?
+          opts = opts.merge(
+            ca_file: @ca_cert
+          )
+        end
+        opts
+      end
+
+      def generic_to_loki(chunk)
+        # log.debug("GenericToLoki: converting #{chunk}")
+        streams = chunk_to_loki(chunk)
+        payload_builder(streams)
+      end
+
+      private
+
+      def loki_http_request(body, tenant)
+        req = Net::HTTP::Post.new(
+          @uri.request_uri
+        )
+        req.add_field('Content-Type', 'application/json')
+        req.add_field('Authorization', "Bearer #{@auth_token_bearer}") unless @auth_token_bearer.nil?
+        req.add_field('X-Scope-OrgID', tenant) if tenant
+        req.body = Yajl.dump(body)
+        req.basic_auth(@username, @password) if @username
+
+        opts = http_request_opts(@uri)
+
+        msg = "sending #{req.body.length} bytes to loki"
+        msg += " (tenant: \"#{tenant}\")" if tenant
+        log.debug msg
+
+        Net::HTTP.start(@uri.host, @uri.port, **opts) { |http| http.request(req) }
+      end
+
+      def numeric?(val)
+        !Float(val).nil?
+      rescue StandardError
+        false
+      end
+
+      def format_labels(data_labels)
+        formatted_labels = {}
+        # merge extra_labels with data_labels. If there are collisions extra_labels win.
+        data_labels = {} if data_labels.nil?
+        data_labels = data_labels.merge(@extra_labels)
+        # sanitize label values
+        data_labels.each { |k, v| formatted_labels[k] = v.gsub('"', '\\"') if v.is_a?(String) }
+        formatted_labels
+      end
+
+      def payload_builder(streams)
+        payload = []
+        streams.each do |k, v|
+          # create a stream for each label set.
+          # Additionally sort the entries by timestamp just in case we
+          # got them out of order.
+          entries = v.sort_by.with_index { |hsh, i| [hsh['ts'], i] }
+          payload.push(
+            'stream' => format_labels(k),
+            'values' => entries.map { |e| [e['ts'].to_s, e['line']] }
+          )
+        end
+        payload
+      end
+
+      def to_nano(time)
+        # time is a Fluent::EventTime object, or an Integer which represents unix timestamp (seconds from Epoch)
+        # https://docs.fluentd.org/plugin-development/api-plugin-output#chunk-each-and-block
+        if time.is_a?(Fluent::EventTime)
+          time.to_i * (10**9) + time.nsec
+        else
+          time.to_i * (10**9)
+        end
+      end
+
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def record_to_line(record)
+        line = ''
+        if @drop_single_key && record.keys.length == 1
+          line = record[record.keys[0]]
+        else
+          case @line_format
+          when :json
+            line = Yajl.dump(record)
+          when :key_value
+            formatted_labels = []
+            record.each do |k, v|
+              # Remove non UTF-8 characters by force-encoding the string
+              v = v.encode('utf-8', invalid: :replace, undef: :replace, replace: '?') if v.is_a?(String)
+              # Escape double quotes and backslashes by prefixing them with a backslash
+              v = v.to_s.gsub(/(["\\])/, '\\\\\1')
+              if v.include?(' ') || v.include?('=')
+                formatted_labels.push(%(#{k}="#{v}"))
+              else
+                formatted_labels.push(%(#{k}=#{v}))
+              end
+            end
+            line = formatted_labels.join(' ')
+          end
+        end
+        line
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      # convert a line to loki line with labels
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def line_to_loki(record)
+        chunk_labels = {}
+        line = ''
+        if record.is_a?(Hash)
+          @record_accessors&.each do |name, accessor|
+            new_key = name.gsub(%r{[.\-/]}, '_')
+            chunk_labels[new_key] = accessor.call(record)
+            accessor.delete(record)
+          end
+
+          if @extract_kubernetes_labels && record.key?('kubernetes')
+            kubernetes_labels = record['kubernetes']['labels']
+            kubernetes_labels&.each_key do |l|
+              new_key = l.gsub(%r{[.\-/]}, '_')
+              chunk_labels[new_key] = kubernetes_labels[l]
+            end
+          end
+
+          # remove needless keys.
+          @remove_keys_accessors&.each do |deleter|
+            deleter.delete(record)
+          end
+
+          line = record_to_line(record)
+        else
+          line = record.to_s
+        end
+
+        # add buffer flush thread title as a label if there are multiple flush threads
+        # this prevents "entry out of order" errors in loki by making the label constellation
+        # unique per flush thread
+        # note that flush thread != fluentd worker. if you use multiple workers you still need to
+        # add the worker id as a label
+        if @include_thread_label && @buffer_config.flush_thread_count > 1
+          chunk_labels['fluentd_thread'] = Thread.current[:_fluentd_plugin_helper_thread_title].to_s
+        end
+
+        # return both the line content plus the labels found in the record
+        {
+          line: line,
+          labels: chunk_labels
+        }
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      # iterate through each chunk and create a loki stream entry
+      def chunk_to_loki(chunk)
+        streams = {}
+        chunk.each do |time, record|
+          # each chunk has a unique set of labels
+          result = line_to_loki(record)
+          chunk_labels = result[:labels]
+          # initialize a new stream with the chunk_labels if it does not exist
+          streams[chunk_labels] = [] if streams[chunk_labels].nil?
+          # NOTE: timestamp must include nanoseconds
+          # append to matching chunk_labels key
+          streams[chunk_labels].push(
+            'ts' => to_nano(time),
+            'line' => result[:line]
+          )
+        end
+        streams
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,153 @@
+--- !ruby/object:Gem::Specification
+name: beholder-fluentd-plugin
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- cglrn
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-09-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.9.3
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.9.3
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Output plugin to ship logs to a Grafana Loki server
+email:
+- caglareren@yahoo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bin/console
+- bin/setup
+- bin/test
+- lib/fluent/plugin/out_loki.rb
+homepage: https://github.com/grafana/loki/
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Output plugin to ship logs to a Grafana Loki server
+test_files: []