RubyGems - fluent-plugin-cloudwatch-ingest - Versions diffs - 1.1.0 → 1.2.0 - Mend

fluent-plugin-cloudwatch-ingest 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -0
data/README.md +25 -6
data/lib/fluent/plugin/cloudwatch/ingest/version.rb +1 -1
data/lib/fluent/plugin/in_cloudwatch_ingest.rb +1 -0
data/lib/fluent/plugin/parser_cloudwatch_ingest.rb +42 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 284c46daa64025bff3faa261efa317eed76257ea
-  data.tar.gz: 6fdbe82b7723d0f7e03c5c5e38346a7ca6274e97
+  metadata.gz: 9099fc9a7106d463763eedd19d543e9e1023231c
+  data.tar.gz: 2d0203a3edd8f96f7a0f25a71dadf79b1d6f8c3d
 SHA512:
-  metadata.gz: 70cdaf653605e98b277717969c47fc54570204d3cc0d4f5a0e1c0228e1cf845587821609d41a23a7a728a5d1cd70be05b62eb296524e1956efde87ebd9eaf95b
-  data.tar.gz: 21f9998c51a1f117ccf09d5a864a82df7dcaff27f55ec93d5dd642223ced0182ea26795e209363ed76ef8a18ca97f1c67970fc6805cc1628b39588b9638e4db5
+  metadata.gz: 41d7a5122379a9e2c8ff975e61b49475e2a1ee31b7ca3bba5aa468e5913f7d1ed2f71e7175f7fb2a2fef3c5a1f844150fc9a35054e0d235152b1fe39ba18132e
+  data.tar.gz: 39c4c78a663a47054c147e785075de17eb70f12933eb42a1f4e821485cb7e59bed17d260babe967b22edb84687213dafdbd6f7fa0a478e61eccb13eff265cc9a

data/CHANGELOG.md CHANGED Viewed

@@ -36,3 +36,14 @@
 * Remove streams from state file that are no longer present (@chaeyk)
 * Apply `error_interval` when failing to get statefile lock (@chaeyk)
 * `api_interval` deprecated in favour of `error_interval`
+## 1.1.0
+* Update aws-sdk runtime dependency
+## 1.2.0
+* Add the ability to inject both the `ingestion_time returned from the the Cloudwatch Logs API, and the time that this plugin ingested the event into the record.
+* Add telemetry to the parser
+Both of these changes are designed to make debugging ingestion problems from high-volume log groups easier.

data/README.md CHANGED Viewed

@@ -1,5 +1,5 @@
 # Fluentd Cloudwatch Plugin
-[![Circle CI](https://circleci.com/gh/sampointer/fluent-plugin-cloudwatch-ingest.svg?style=shield)](https://circleci.com/gh/sampointer/fluent-plugin-cloudwatch-ingest) [![Gem Version](https://badge.fury.io/rb/fluent-plugin-cloudwatch-ingest.svg)](https://badge.fury.io/rb/fluent-plugin-cloudwatch-ingest) ![](http://ruby-gem-downloads-badge.herokuapp.com/fluent-plugin-cloudwatch-ingest?type=total) [![Join the chat at https://gitter.im/fluent-plugin-cloudwatch-ingest](https://badges.gitter.im/fluent-plugin-cloudwatch-ingest.svg)](https://gitter.im/fluent-plugin-cloudwatch-ingest/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link)[![Dependency Status](https://gemnasium.com/badges/github.com/sampointer/fluent-plugin-cloudwatch-ingest.svg)](https://gemnasium.com/github.com/sampointer/fluent-plugin-cloudwatch-ingest)
+[![Circle CI](https://circleci.com/gh/sampointer/fluent-plugin-cloudwatch-ingest.svg?style=shield)](https://circleci.com/gh/sampointer/fluent-plugin-cloudwatch-ingest) [![Gem Version](https://badge.fury.io/rb/fluent-plugin-cloudwatch-ingest.svg)](https://badge.fury.io/rb/fluent-plugin-cloudwatch-ingest) ![](http://ruby-gem-downloads-badge.herokuapp.com/fluent-plugin-cloudwatch-ingest?type=total) [![Join the chat at https://gitter.im/fluent-plugin-cloudwatch-ingest](https://badges.gitter.im/fluent-plugin-cloudwatch-ingest.svg)](https://gitter.im/fluent-plugin-cloudwatch-ingest/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link) [![Dependency Status](https://gemnasium.com/badges/github.com/sampointer/fluent-plugin-cloudwatch-ingest.svg)](https://gemnasium.com/github.com/sampointer/fluent-plugin-cloudwatch-ingest)
 ## Introduction
@@ -49,11 +49,15 @@ Or install it yourself as:
     @type cloudwatch_ingest
     expression /^(?<message>.+)$/
     time_format %Y-%m-%d %H:%M:%S.%L
-    event_time true               # take time from the Cloudwatch event, rather than parse it from the body
-    inject_group_name true        # inject the group name into the record
-    inject_stream_name true       # inject the stream name into the record
-    parse_json_body false         # Attempt to parse the body as json and add structured fields from the result
-    fail_on_unparsable_json false # If the body cannot be parsed as json do not ingest the record
+    event_time true                             # take time from the Cloudwatch event, rather than parse it from the body
+    inject_group_name true                      # inject the group name into the record
+    inject_stream_name true                     # inject the stream name into the record
+    inject_cloudwatch_ingestion_time field_name # inject the `ingestion_time` as returned by the Cloudwatch API
+    inject_plugin_ingestion_time field_name     # inject the 13 digit epoch time at which the plugin ingested the event
+    parse_json_body false                       # Attempt to parse the body as json and add structured fields from the result
+    fail_on_unparsable_json false               # If the body cannot be parsed as json do not ingest the record
+    telemetry false                             # Produce statsd telemetry
+    statsd_endpoint localhost              # Endpoint to which telemetry should be sent
   </parse>
 </source>
 ```
@@ -81,6 +85,11 @@ If `fail_on_unparsable_json` is set to `true` a record body consisting of malfor
 The `expression` is applied before JSON parsing is attempted. One may therefore extract a JSON fragment from within the event body if it is decorated with additional free-form text.
+### High volume Log Groups
+If you're having ingestion problems from high volume log groups you're advised to enable telemetry in both the main plugin and the parser, and to also set both `inject_cloudwatch_ingestion_time` and `inject_plugin_ingestion_time` to `true`.
+This will enable your telemetry system to plot the state of your rate limiting, the effect of the ingestion delay _inside_ Cloudwatch Logs (`timestamp` vs `ingestion_time`) and take appropriate tuning action.
 ### Telemetry
 With `telemetry` set to `true` and a valid `statsd_endpoint` the plugin will emit telemetry in statsd format to 8125:UDP. It is up to you to configure your statsd-speaking daemon to add any prefix or tagging that you might want.
@@ -97,6 +106,16 @@ api.calls.getlogevents.invalid_token
 events.emitted.success
 ```
+Likewise when telemetry is enabled for the parser, the emitted metrics are:
+```
+parser.record.attempted
+parser.record.success
+parser.json.success     # if json parsing is enabled
+parser.json.failed      # if json parsing is enabled
+parser.ingestion_skew   # the difference between `timestamp` and `ingestion_time` as returned by the Cloudwatch API
+```
 ### Sub-second timestamps
 When using `event_time true` the `@timestamp` field for the record is taken from the time recorded against the event by Cloudwatch. This is the most common mode to run in as it's an easy path to normalization: all of your Lambdas or other AWS service need not have the same, valid, `time_format` nor a regex that matches every case.

data/lib/fluent/plugin/cloudwatch/ingest/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Fluent
   module Plugin
     module Cloudwatch
       module Ingest
-        VERSION = '1.1.0'.freeze
+        VERSION = '1.2.0'.freeze
       end
     end
   end

data/lib/fluent/plugin/in_cloudwatch_ingest.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require 'fluent/plugin/parser'
 require 'json'
 require 'pathname'
 require 'psych'
+require 'statsd-ruby'
 module Fluent::Plugin
   class CloudwatchIngestInput < Fluent::Plugin::Input

data/lib/fluent/plugin/parser_cloudwatch_ingest.rb CHANGED Viewed

@@ -1,6 +1,8 @@
+require 'date'
 require 'fluent/plugin/parser_regexp'
 require 'fluent/time'
 require 'multi_json'
+require 'statsd-ruby'
 module Fluent
   module Plugin
@@ -11,9 +13,13 @@ module Fluent
       config_param :time_format, :string, default: '%Y-%m-%d %H:%M:%S.%L'
       config_param :event_time, :bool, default: true
       config_param :inject_group_name, :bool, default: true
+      config_param :inject_cloudwatch_ingestion_time, :string, default: false
+      config_param :inject_plugin_ingestion_time, :string, default: false
       config_param :inject_stream_name, :bool, default: true
       config_param :parse_json_body, :bool, default: false
       config_param :fail_on_unparsable_json, :bool, default: false
+      config_param :telemetry, :bool, default: false
+      config_param :statsd_endpoint, :string, default: 'localhost'
       def initialize
         super
@@ -21,9 +27,21 @@ module Fluent
       def configure(conf)
         super
+        @statsd = Statsd.new @statsd_endpoint, 8125 if @telemetry
+      end
+      def metric(method, name, value = 0)
+        case method
+        when :increment
+          @statsd.send(method, name) if @telemetry
+        else
+          @statsd.send(method, name, value) if @telemetry
+        end
       end
       def parse(event, group, stream)
+        metric(:increment, 'parser.record.attempted')
         time = nil
         record = nil
         super(event.message) do |t, r|
@@ -38,10 +56,12 @@ module Fluent
             # message into the record we'd bork on
             # nested keys. Force level one Strings.
             json_body = MultiJson.load(record['message'])
+            metric(:increment, 'parser.json.success')
             json_body.each_pair do |k, v|
               record[k.to_s] = v.to_s
             end
           rescue MultiJson::ParseError
+            metric(:increment, 'parser.json.failed')
             if @fail_on_unparsable_json
               yield nil, nil
               return
@@ -53,6 +73,27 @@ module Fluent
         record['log_group_name'] = group if @inject_group_name
         record['log_stream_name'] = stream if @inject_stream_name
+        if @inject_plugin_ingestion_time
+          now = DateTime.now
+          record[@inject_plugin_ingestion_time] = now.iso8601
+        end
+        if @inject_cloudwatch_ingestion_time
+          epoch_ms = event.ingestion_time.to_f / 1000
+          time = Time.at(epoch_ms)
+          record[@inject_cloudwatch_ingestion_time] =
+            time.to_datetime.iso8601(3)
+        end
+        # Optionally emit cloudwatch event and ingestion time skew telemetry
+        if @telemetry
+          metric(
+            :gauge,
+            'parser.ingestion_skew',
+            event.ingestion_time - event.timestamp
+          )
+        end
         # We do String processing on the event time here to
         # avoid rounding errors introduced by floating point
         # arithmetic.
@@ -61,6 +102,7 @@ module Fluent
         time = Fluent::EventTime.new(event_s, event_ns) if @event_time
+        metric(:increment, 'parser.record.success')
         yield time, record
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-cloudwatch-ingest
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Sam Pointer
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-07-07 00:00:00.000000000 Z
+date: 2017-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -168,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.6.12
 signing_key:
 specification_version: 4
 summary: Fluentd plugin to ingest AWS Cloudwatch logs