fluent-plugin-newrelic 1.1.1 → 1.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6dbed0d5014d5685b57429081cbdc0dc5198f0ecccfe0dc523571efa6ea50ad5
-  data.tar.gz: f98c59dca5ccdb35c0c3cf0032864177da7ae34342b9e2471d68f6b54a7f6bbf
+  metadata.gz: 7982f3b3dc21e8b82c8016c6f7ee6d2d4dad24128d754ad4c03a41a7e99f97d0
+  data.tar.gz: 3b2f2b9fe1e80f538a11c0171db58f7268eeaef01f35abd4130db6168946797d
 SHA512:
-  metadata.gz: 88d7afb9aabd9ab5552bc48fe3aaa06f6dced0dc62e7178c5abefb4bd36e9cd147b9395a582da1f7eec864c5991ca44eb4fc55391db35d447d3e11aa36cd2ad0
-  data.tar.gz: efcdfef5a81b079e4badf992a6976874142e951ef70e26a872a86b01392f2cbca913ac8ed6117d3519d3d8d078e000d27465e6ddd72846654112bf1799a803c1
+  metadata.gz: 4376c990dad117a8a4f64c1a469aae6018352584cbb375c7a88fea2d2f78c0474202fceea91d68d8be8a5e53e16d025f2dc0fdcae518f15ae4eb56080bc01de9
+  data.tar.gz: 91dec110d12f79f9104c5485f956477198cddad9fda0d0fddaae59800f895f4323d9fde1b4e6ac3f32fa4a9e50a5fdfdd67e08a4fc3cd7f132f54a8dc36730b2

data/.gitignore

@@ -5,8 +5,9 @@
 /coverage/
 /doc/
 /pkg/
-/spec/reports/
+/test/reports/
 /tmp/
 .DS_Store
 .ruby-version
 .idea/
+*.gem

data/DEVELOPER.md

@@ -9,9 +9,10 @@
 * Run tests: `bundle exec rspec`
 * Build the gem: `gem build newrelic-fluentd-output.gemspec`
 
-**NOTE**: Be mindful that using `log.info` in the plugin causes an unintended Sorcerer's 
-Apprentice Syndrome style bug where exponentially larger copies of log messages are sent until the 
-td-agent is unloaded. Super weird, but now you know.
+**NOTE**: Be mindful that if you are using 'match **', that using `log.info` in the plugin can cause an unintended 
+Sorcerer's Apprentice Syndrome issue where exponentially larger copies of log messages are sent until the 
+td-agent is unloaded. To prevent this, use match tags specific to your source (so use `<match tag_from_your_source>`
+instead of `<match **>`), so that your output plugin does not also pick up things that Fluentd logs.
 
 ## Testing on MacOS
 
@@ -22,17 +23,17 @@ td-agent is unloaded. Super weird, but now you know.
 * `sudo vi /etc/td-agent/td-agent.conf`
 * Add the following:
 ```
-<match **>
-  @type newrelic
-  api_key (your-api-key)
-</match>
-
 <source>
   @type tail
   format none
   path /usr/local/var/log/test.log
   tag test
 </source>
+
+<match test>
+  @type newrelic
+  api_key (your-api-key)
+</match>
 ```
 
 ### Testing plugin
@@ -43,34 +44,3 @@ td-agent is unloaded. Super weird, but now you know.
 * Make sure things start up OK: `tail -f /var/log/td-agent/td-agent.log`
 * Cause a change that you've configured Fluentd to pick up: (`echo "FluentdTest" >> /usr/local/var/log/test.log`
 * Look in `https://one.newrelic.com/launcher/logger.log-launcher` for your log message ("FluentdTest")
-
-## Pushing changes to the public repo
-
-After updating the New Relic repo with changes, changes will need to be pushed to the public GitHub repo 
-at: https://github.com/newrelic/newrelic-fluentd-output
-
-Make sure you have the public set up as a remote called `public`:
-```
-git remote add public git@github.com:newrelic/newrelic-fluentd-output.git
-```
-
-Sync:
-```
-git checkout --orphan single-commit-for-public-sync && \
-    # Remove things we don't want sent to the public-sync repo \
-    rm grandcentral.yml DEVELOPER.md && \
-    # Create a single commit and force push it, overwriting the remote master \
-    git commit -am "Mirrored commit" && \
-    git push --force public single-commit-for-public-sync:master && \
-    # Clean up \
-    git checkout master && \
-    git branch -D single-commit-for-public-sync
-```
-
-# Push changes to RubyGems
-After updating the source code and gem version in `version.rb`, push the changes to RubyGems. 
-Note, you must be a gem owner to publish changes on [RubyGems.org](https://rubygems.org/profiles/NR-LOGGING)
-
-* Build the gem: `gem build newrelic-fluentd-output.gemspec`
-* Publish the gem: `gem push fluent-plugin-newrelic-<VERSION>.gem` 
-  with the updated version (example: `gem push fluent-plugin-newrelic-0.2.2.gem`)

data/Gemfile

@@ -4,5 +4,5 @@ source 'https://rubygems.org'
 gemspec
 
 group :development do
-  gem "rspec"
+  gem "ci_reporter_test_unit"
 end

data/README.md

@@ -4,11 +4,17 @@ A [Fluentd](https://fluentd.org/) output plugin that sends logs to New Relic
 
 This project is provided AS-IS WITHOUT WARRANTY OR SUPPORT, although you can report issues and contribute to the project here on GitHub.
 
+## Examples
+
+Please see the [examples](examples/) directory for ways to build a Docker image with the New Relic output plugin and other configuration types
+that could be useful in your environment.
+
 ## Prerequisites
 
 Fluentd >= v1.0
 
 ## Installation
+
 Add the plugin to your fluentd agent:
 
 `fluent-gem install fluent-plugin-newrelic`
@@ -23,19 +29,22 @@ For more info, review [Fluentd's official documentation](https://docs.fluentd.or
 
 ### Required plugin configuration
 
+Exactly one of the following:
+
 | Property | Description |
 |---|---|
 | api_key | your New Relic API Insert key |
+| license_key | your New Relic License key |
 
 ### Optional plugin configuration
 
 | Property | Description | Default value |
 |---|---|---|
-| base_uri | New Relic ingestion endpoint | 'https://log-api.newrelic.com/log/v1' |
+| base_uri | New Relic ingestion endpoint | `https://log-api.newrelic.com/log/v1` |
 
 ### EU plugin configuration
 
-If you are running this plugin in the eu set the `base_uri` to `http://log-api.eu.newrelic.com/log/v1`.
+If you are running this plugin in the eu set the `base_uri` to `https://log-api.eu.newrelic.com/log/v1`.
 
 ### Fields
 
@@ -45,9 +54,12 @@ in a `log` field, while we want messages in a `message` field.
 
 ### Example
 
-Add the following block to your Fluentd config file (with your specific New Relic Insights Insert key), then restart Fluentd.
+Add one of the following blocks to your Fluentd config file (with your specific key), then restart Fluentd.
+
+#### Using Insights Inserts Key
+
+Example using Insights Insert key:
 
-Example:
 ```rb
 <match **>
   @type newrelic
@@ -58,6 +70,20 @@ Example:
 Getting your New Relic Insights Insert key:
 `https://insights.newrelic.com/accounts/<ACCOUNT_ID>/manage/api_keys`
 
+#### Using License Key
+
+Example using License key:
+
+```rb
+<match **>
+  @type newrelic
+  license_key <NEW_RELIC_LICENSE_KEY>
+</match>
+```
+
+Getting your New Relic license key:
+`https://rpm.newrelic.com/accounts/<ACCOUNT_ID>`
+
 ## Copyright
 
 * Copyright(c) 2019 - New Relic

data/Rakefile

@@ -1,2 +1,19 @@
-require "bundler/gem_tasks"
+require "bundler"
+Bundler::GemHelper.install_tasks
+
+require "rake/testtask"
+require 'ci/reporter/rake/test_unit'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs.push("lib", "test")
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.verbose = true
+  t.warning = true
+end
+
+namespace :ci do
+  task :all => ['ci:setup:testunit', 'test']
+end
+
+task default: ["ci:all"]
 

data/examples/Dockerfile

@@ -0,0 +1,5 @@
+FROM fluent/fluentd:v1.9.1-1.0
+
+USER root
+
+RUN fluent-gem install fluent-plugin-newrelic

data/examples/Windows-IIS.conf

@@ -0,0 +1,85 @@
+####
+## New Relic Logs - Basic Windows Event + IIS config v1.5
+## Built in FluentD v1.7.4
+## by AI of NR 2/4/2020
+##
+## Don't forget to add your NR license key to the <match> statement at the bottom of this file.
+##
+
+## Windows Event Log Input
+<source>
+  @type windows_eventlog
+  @id windows_eventlog
+  tag winevt.raw
+  channels application,system,security
+  <storage>
+    @type local
+    persistent true
+    path c:/opt/td-agent/winevt.pos
+  </storage>
+</source>
+
+#
+# Windows IIS log parsing.  This config uses the standard W3C format and the standard location for IIS logs.
+# It expects the log timestamp to be UTC.
+# Change the path below if you store your logs elsewhere.
+#
+<source>
+  @type tail
+  tag iislog.raw
+  path c:/inetpub/logs/logfiles/*/*
+  pos_file c:/opt/td-agent/iislog.pos
+  <parse>
+    @type regexp
+    expression /(?<time>\d{4}-\d{2}-\d{2} [\d:]+) (?<message>.+)/
+    time_format %Y-%m-%d %H:%M:%S
+	utc true
+  </parse>
+</source>
+
+<filter iislog.raw>
+  @type parser
+  key_name message
+  remove_key_name_field false
+  reserve_data true
+  reserve_time true
+  <parse>
+    @type csv
+    delimiter ' '
+    keys hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken
+    null_value_pattern -
+    null_empty_string true
+  </parse>
+</filter>
+
+#
+# For a slightly nicer experience, add Service Name (s-sitename) to your log output, comment out the filter above and use this one instead.
+#
+#<filter iislog.raw>
+#  @type parser
+#  key_name message
+#  remove_key_name_field false
+#  reserve_data true
+#  reserve_time true
+#  <parse>
+#    @type csv
+#    delimiter ' '
+#    keys service_name,hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken
+#    null_value_pattern -
+#    null_empty_string true
+#  </parse>
+#</filter>
+
+<filter winevt.raw>
+  @type record_transformer
+  <record>
+    message ${record["description"]}
+	  hostname ${record["computer_name"]}
+  </record>
+</filter>
+
+# New Relic output
+<match **>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/copy_output.conf

@@ -0,0 +1,43 @@
+#Tail and parse Apache access logs
+
+<source>
+   @type tail
+   @id input_tail_apache
+   tag apache_access
+   path /var/log/apache2/access.log
+   pos_file /var/log/apache2/access.pos
+   path_key filename
+   <parse>
+   @type apache2
+   </parse>
+ </source>
+ 
+ #Add hostname and tag fields to all events ("records") with a Fluentd tag of apache_access
+ 
+ <filter apache_access>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Output (https://docs.fluentd.org/output/copy) events to both New Relic and a local file.
+
+<match **>
+  @type copy
+  <store>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+  </store>
+  <store>
+  @type file
+  path /var/log/apacheout.log
+  <buffer>
+    #Buffer settings are for testing and not recommended for use in a production environment.
+    timekey 10s
+    timekey_use_utc true
+    timekey_wait 15s
+  </buffer>
+  </store>
+</match>

data/examples/custom_field.conf

@@ -0,0 +1,32 @@
+#Tail and parse Docker log files
+
+<source>
+  @type tail
+  path /var/lib/docker/containers/*/*-json.log
+  pos_file /var/log/docker-log.pos
+  read_from_head true
+  tag containers
+  <parse>
+    @type json
+    time_format %Y-%m-%dT%H:%M:%S.%NZ
+    keep_time_key true
+    time_key time
+  </parse>
+</source>
+
+<filter containers>
+  @type record_transformer
+  enable_ruby true
+  <record>
+    #Add hostname and tag fields to all records
+    fluentd_host "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+# Forward events to New Relic
+
+<match containers>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+  </match>

data/examples/file_input.conf

@@ -0,0 +1,29 @@
+#Tail arbitrary text/log file
+
+<source>
+  @type tail
+  <parse>
+    @type none
+  </parse>
+  path /var/log/backend-app*.log
+  pos_file /var/log/backend.application.pos
+  path_key filename # Add watched file path to path_key field for every event/record.
+  tag backend.application
+</source>
+
+ #Add hostname and tag fields to all events ("records") with a Fluentd tag of backend.application
+ 
+ <filter backend.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Write events to New Relic
+
+<match backend.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/filter_logs.conf

@@ -0,0 +1,52 @@
+#Tail and parse arbitrary text/log file
+
+<source>
+  @type tail
+  <parse> #Parse timestamp, everything else to be stored in message field
+    @type regexp
+    expression /^\[(?<logtime>[^\]]*)\] (?<message>.*)$/
+    time_key logtime
+    time_format %Y-%m-%d %H:%M:%S %z
+  </parse>
+  path /var/log/backend-app*.log
+  pos_file /var/log/backend.application.pos
+  path_key filename # Add watched file path to path_key field for every event/record.
+  tag backend.application
+</source>
+
+#Add hostname and service_name fields to all events ("records") with a Fluentd tag of backend.application
+ 
+<filter backend.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    service_name ${tag}
+  </record>
+</filter>
+
+# For all events with a tag of backend.application:
+# Keep ONLY events where service_name field contains a value matching /backend.application/ AND where message field contains a value matching /Cannot connect to/
+# Discard any events where value of hostname field matches /staging/
+
+<filter backend.application>
+  @type grep
+  <regexp>
+    key service_name
+    pattern /backend.application/
+  </regexp>
+   <regexp>
+    key message
+    pattern /Cannot connect to/
+  </regexp>
+  <exclude>
+    key hostname
+    pattern /staging/
+  </exclude>
+</filter>
+
+#Write events with backend.application tag to New Relic
+
+<match backend.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/grok_parser.conf

@@ -0,0 +1,43 @@
+#Tail arbitrary log file and parse using grok pattern
+#Install the required plugin: fluent-gem install fluent-plugin-grok-parser
+
+<source>
+  @type tail
+  <parse>
+    @type grok
+    <grok>
+      pattern %{SYSLOGTIMESTAMP:timestamp} %{LOGLEVEL:loglevel}: %{GREEDYDATA:message}
+    </grok>
+  </parse>
+  path /var/log/customapp.log
+  pos_file /var/log/customapp.pos
+  path_key filename
+  tag custom.application
+</source>
+
+# Drop events with custom.application tag where loglevel field contains "debug" or "info" (case-insensitive match)
+
+<filter custom.application>
+  @type grep
+  <exclude>
+    key loglevel
+    pattern /debug|info/i
+  </exclude>
+</filter>
+
+#Add hostname and tag fields to all events ("records") with a Fluentd tag of custom.application
+ 
+ <filter custom.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Write custom.application events to New Relic
+
+<match custom.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/minimal_complete_config.conf

@@ -0,0 +1,27 @@
+#Tail arbitrary text/log file
+
+<source>
+  @type tail
+  <parse>
+    @type none
+  </parse>
+  path /home/logs/*
+  path_key file
+  tag sample.tag
+</source>
+
+#Add service_name field to all events ("records") with a Fluentd tag of sample.tag
+
+<filter sample.tag>
+  @type record_transformer
+  <record>
+    service_name ${tag}
+  </record>
+</filter>
+
+#Write sample.tag events to New Relic
+
+<match sample.tag>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/multiline_log_parse.conf

@@ -0,0 +1,11 @@
+ <filter backend.application>
+    @type parser
+    <parse>
+      @type multiline_grok
+      grok_failure_key grokfailure
+      multiline_start_regex ^abc
+      <grok>
+        pattern %{GREEDYDATA:message}
+      </grok>
+    </parse>
+  </filter>

data/examples/parse_nginx.conf

@@ -0,0 +1,17 @@
+#Tail and parse NGINX log file
+
+<source>
+  @type tail
+  <parse>
+    @type nginx
+  </parse>
+  path /path/to/access.log
+  tag nginx.access
+</source>
+
+#Write events with tag matching nginx.* to New Relic
+
+<match nginx.*>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/readme.md

@@ -0,0 +1,71 @@
+# Fluentd -> New Relic Examples
+
+## Creating a Docker Image
+
+Using [Fluentd](https://www.fluentd.org/) as an image makes it simple to deploy a quick input logging solution for functions such as [Syslogs](https://docs.fluentd.org/input/syslog), [HTTP](https://docs.fluentd.org/input/http), custom [UDP](https://docs.fluentd.org/input/udp) and [TCP](https://docs.fluentd.org/input/tcp) use cases, [SNMP](https://github.com/iij/fluent-plugin-snmp), along with many other functions. The [Fluentd](https://www.fluentd.org/) team has put together a great [set of documents](https://docs.fluentd.org/container-deployment) to help you get their basic configuration setup. After that, you will want to get your logs flowing into [New Relic Logs](https://docs.newrelic.com/docs/logs/new-relic-logs/get-started/introduction-new-relic-logs) to create alerts and monitor your systems.
+
+If you are able to use the Fluentd image directly, it is really simple build on that image and add the New Relic Fluentd Output Plugin. The below set of steps assumes you have some basic understanding of building a Docker image.
+
+### Docker Image: Steps
+
+#### 1. Create a `Dockerfile`
+
+It doesn't take much to get the New Relic Output Plugin into a docker image. Here is a good example from Docker on how best to create an image, [LINK](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/).
+
+We have an [example Docker file](Dockerfile) in this folder which can be used to get moving quickly.
+
+#### 2. Build the Image
+
+The build process is simple and will register a newly created image in your local Docker repository. If you want to use this image for multiple machines, you will need to publish the image to a location you can access.
+
+```bash
+# Run this command in the same directory as the Docker file or point to its location
+docker build --tag nr-fluent:latest nri-fluentd .
+
+# Run this command to verify the image was created
+docker image ls
+
+REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+nr-fluent           latest              70c388b63afc        1 minute ago        44.9MB
+```
+
+#### 3. Run the Docker Image
+
+The next steps assume that you have already created a `fluentd.conf` file with is ready to being monitoring. If you haven't, you must do so before you continue.
+
+In the following example can be used if you are going to run a syslog server on the image.
+
+```bash
+# Notice that the syntax for exposing the UDP port is a bit different
+# In testing, it appeared that trying to map the UDP port to from a different one configured in the Fluentd config file didn't work as expected
+docker run -d --name "syslog" -p 0.0.0.0:5140:5140/udp -p 0.0.0.0:5142:5142/udp -v /etc/fluentd:/fluentd/etc -e FLUENTD_CONF=fluentd.conf nr-fluent:latest
+```
+
+## Configuring a Syslog Server with Fluentd and New Relic Logs
+
+In the below example, we are going to create a `fluentd.conf` which will enable a syslog server. It is a good idea to determine if your syslog server is going
+to connect to this service using UDP or TCP. By default, most syslog servers will likely use UDP. In the below example, I am setting up two syslog listeners for
+Ubiquiti [Edgemax router](https://help.ubnt.com/hc/en-us/articles/204975904-EdgeRouter-Remote-Syslog-Server-for-System-Logs) and the [Unifi Security Gateway and Access points](https://community.ui.com/questions/syslog-server-and-unifi-logs/bbde4318-e73f-4efe-b1b9-ae11319cc1d9).
+
+### Fluentd.Conf: Steps
+
+#### 1. Create a `fluentd.conf` file in a known directory on the host machine
+
+Below, I have chosen `/etc/fluentd/` as my directory.
+
+```bash
+# Make the directory
+sudo mkdir /etc/fluentd
+
+# Edit the file
+sudo nano /etc/fluentd/fluentd.conf
+```
+
+#### 2. Add the contents from the [`syslog/fluentd.conf`](syslog/fluentd.config)
+
+You can find the contents of the [`syslog/fluentd.conf`](syslog/fluentd.config) in the sub folder `syslog`. These contents should provide a quick start to getting started. In the provided
+example, the syslog details are coming from the above mentioned devices. You may need to tweak the configuration according to the server sending the syslog traffic.
+
+#### 3. Check New Relic for New Logs
+
+That is all it should take to get a new stream of logs coming from those devices.

data/examples/syslog/fluentd.config

@@ -0,0 +1,47 @@
+# UNIFI
+<source>
+  @type syslog
+  port 5140
+  bind 0.0.0.0
+  tag unifi
+</source>
+
+<filter unifi.**>
+  @type record_transformer
+  renew_record true
+  enable_ruby true
+  <record>
+    timestamp ${time.to_f}
+    hostname ${record["host"][/(^.*?),/, 1]}
+    service ${tag_prefix[1]}
+    log_level ${tag_suffix[2]}
+    message ${record.to_json}
+  </record>
+</filter>
+
+# EDGE MAX
+<source>
+  @type syslog
+  port 5142
+  bind 0.0.0.0
+  tag edge-max
+</source>
+
+<filter edge-max.**>
+  @type record_transformer
+  renew_record true
+  enable_ruby true
+  <record>
+    timestamp ${time.to_f}
+    hostname ${record["host"]}
+    service ${tag_prefix[1]}
+    log_level ${tag_suffix[2]}
+    message ${record.to_json}
+  </record>
+</filter>
+
+# Send data
+<match **>
+  @type newrelic
+  api_key <CHANGE TO YOUR LICENSE KEY HERE>
+</match>

data/examples/syslog_input.conf

@@ -0,0 +1,5 @@
+<source>
+  @type syslog
+  port 5140
+  tag syslog.messages
+</source>

data/lib/fluent/plugin/out_newrelic.rb

@@ -18,6 +18,7 @@ require 'net/http'
 require 'uri'
 require 'zlib'
 require 'newrelic-fluentd-output/version'
+require 'yajl'
 
 module Fluent
   module Plugin
@@ -32,6 +33,7 @@ module Fluent
       config_param :license_key, :string, :default => nil
 
       DEFAULT_BUFFER_TYPE = 'memory'.freeze
+      MAX_PAYLOAD_SIZE = 1048576 # 1 Megabyte in bytes
 
       config_section :buffer do
         config_set_default :@type, DEFAULT_BUFFER_TYPE
@@ -49,14 +51,14 @@ module Fluent
       def configure(conf)
         super
         if @api_key.nil? && @license_key.nil?
-          raise Fluent::ConfigError.new("'api_key' or `license_key` parameter is required") 
+          raise Fluent::ConfigError.new("'api_key' or 'license_key' parameter is required")
         end
 
         # create initial sockets hash and socket based on config param
         @end_point = URI.parse(@base_uri)
         auth = {
-          @api_key.nil? ? 'X-License_key' : 'X-Insert-Key' => 
-          @api_key.nil? ? @license_key : @api_key 
+          @api_key.nil? ? 'X-License-Key' : 'X-Insert-Key' =>
+          @api_key.nil? ? @license_key : @api_key
         }
         @header = {
             'X-Event-Source' => 'logs',
@@ -66,6 +68,9 @@ module Fluent
       end
 
       def package_record(record, timestamp)
+        if defined? timestamp.nsec
+          timestamp = timestamp * 1000 + timestamp.nsec / 1_000_000
+        end
         packaged = {
           'timestamp' => timestamp,
           # non-intrinsic attributes get put into 'attributes'
@@ -85,41 +90,30 @@ module Fluent
           packaged['message'] = record['log']
           packaged['attributes'].delete('log')
         end
-        
+
         packaged
       end
 
       def write(chunk)
-        payload = {
-          'common' => {
-            'attributes' => {
-              'plugin' => {
-                'type' => 'fluentd',
-                'version' => NewrelicFluentdOutput::VERSION,
-              }
-            }
-          },
-          'logs' => []
-        }
+        logs = []
         chunk.msgpack_each do |ts, record|
           next unless record.is_a? Hash
           next if record.empty?
-          payload['logs'].push(package_record(record, ts))
+          logs.push(package_record(record, ts))
         end
-        io = StringIO.new
-        gzip = Zlib::GzipWriter.new(io)
-        gzip << [payload].to_json
-        gzip.close
-        send(io.string)
+
+
+        payloads = get_compressed_payloads(logs)
+        payloads.each { |payload| send_payload(payload) }
       end
-      
+
       def handle_response(response)
         if !(200 <= response.code.to_i && response.code.to_i < 300)
           log.error("Response was " + response.code + " " + response.body)
         end
       end
 
-      def send(payload)
+      def send_payload(payload)
         http = Net::HTTP.new(@end_point.host, 443)
         http.use_ssl = true
         http.verify_mode = OpenSSL::SSL::VERIFY_PEER
@@ -128,6 +122,56 @@ module Fluent
         handle_response(http.request(request))
       end
 
+      private
+
+      def get_compressed_payloads(logs)
+        return [] if logs.length == 0
+
+        payload = create_payload(logs)
+        compressed_payload = compress(payload)
+
+        if compressed_payload.bytesize <= MAX_PAYLOAD_SIZE
+          return [compressed_payload]
+        end
+
+        if logs.length > 1 # we can split
+          # let's split logs array by half, and try to create payloads again
+          midpoint = logs.length / 2
+          first_half = get_compressed_payloads(logs.slice(0, midpoint))
+          second_half = get_compressed_payloads(logs.slice(midpoint, logs.length))
+          return first_half + second_half
+        else
+          log.error("Can't compress record below required maximum packet size and it will be discarded. Record: #{logs[0]}")
+          return []
+        end
+      end
+
+      def create_payload(logs)
+        {
+          'common' => {
+            'attributes' => {
+              'plugin' => {
+                'type' => 'fluentd',
+                'version' => NewrelicFluentdOutput::VERSION,
+              }
+            }
+          },
+          'logs' => logs
+        }
+      end
+
+      def compress(payload)
+        io = StringIO.new
+        gzip = Zlib::GzipWriter.new(io)
+
+        # Fluentd can run with a version of Ruby (2.1.0) whose to_json method doesn't support non-ASCII characters.
+        # So we use Yajl, which can handle all Unicode characters. Apparently this library is what Fluentd uses
+        # internally, so it is installed by default with td-agent.
+        # See https://github.com/fluent/fluentd/issues/215
+        gzip << Yajl.dump([payload])
+        gzip.close
+        io.string
+      end
     end
   end
 end

data/lib/newrelic-fluentd-output/version.rb

@@ -1,3 +1,3 @@
 module NewrelicFluentdOutput
-  VERSION = "1.1.1"
+  VERSION = "1.1.9"
 end

data/merge-to-master-pipeline.yml

@@ -0,0 +1,57 @@
+# Run any time a commit is merged to the 'master' branch
+trigger:
+  - master
+
+# There is a separate pipeline for PRs (it does not do deploys)
+pr: none
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+steps:
+  - task: DownloadSecureFile@1
+    name: "rubyGemsCredentials"
+    inputs:
+      secureFile: 'credentials'
+
+  - task: UseRubyVersion@0
+    inputs:
+      versionSpec: '>= 2.5'
+
+  - script: |
+      gem install bundler
+      bundle update
+      bundle install --retry=3 --jobs=4
+    displayName: 'bundle install'
+
+  - task: Bash@3
+    displayName: 'Run tests'
+    inputs:
+      targetType: 'inline'
+      script: |
+        bundle exec rake
+
+  - task: PublishTestResults@2
+    inputs:
+      testResultsFormat: 'JUnit'
+      testResultsFiles: '**/TEST-*.xml'
+      mergeTestResults: true
+      failTaskOnFailedTests: true
+      testRunTitle: 'Publish tests'
+
+  - task: Bash@3
+    displayName: 'Build gem'
+    inputs:
+      targetType: 'inline'
+      script: |
+        gem build newrelic-fluentd-output.gemspec
+
+  - task: Bash@3
+    displayName: 'Publish gem to RubyGems'
+    inputs:
+      targetType: 'inline'
+      script: |
+        eval "$(rbenv init -)"
+        mv $(rubyGemsCredentials.secureFilePath) ~/.gem/credentials
+        sudo chmod 600 ~/.gem/credentials
+        gem push fluent-plugin-newrelic-*.gem

data/newrelic-fluentd-output.gemspec

@@ -23,4 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake"
   spec.add_development_dependency "test-unit"
   spec.add_development_dependency "webmock"
+  spec.add_development_dependency "rspec_junit_formatter"
 end

data/pr-pipeline.yml

@@ -0,0 +1,33 @@
+pr:
+  branches:
+    include:
+      - '*'
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+steps:
+  - task: UseRubyVersion@0
+    inputs:
+      versionSpec: '>= 2.5'
+
+  - script: |
+      gem install bundler
+      bundle update
+      bundle install --retry=3 --jobs=4
+    displayName: 'bundle install'
+
+  - task: Bash@3
+    displayName: 'Run tests'
+    inputs:
+      targetType: 'inline'
+      script: |
+        bundle exec rake
+
+  - task: PublishTestResults@2
+    inputs:
+      testResultsFormat: 'JUnit'
+      testResultsFiles: '**/TEST-*.xml'
+      mergeTestResults: true
+      failTaskOnFailedTests: true
+      testRunTitle: 'Publish tests'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-newrelic
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.9
 platform: ruby
 authors:
 - New Relic Logging Team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-09-04 00:00:00.000000000 Z
+date: 2020-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - logging-team@newrelic.com
@@ -89,17 +103,30 @@ extra_rdoc_files: []
 files:
 - ".dockerignore"
 - ".gitignore"
-- ".rspec"
 - DEVELOPER.md
 - Dockerfile
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
-- grandcentral.yml
+- examples/Dockerfile
+- examples/Windows-IIS.conf
+- examples/copy_output.conf
+- examples/custom_field.conf
+- examples/file_input.conf
+- examples/filter_logs.conf
+- examples/grok_parser.conf
+- examples/minimal_complete_config.conf
+- examples/multiline_log_parse.conf
+- examples/parse_nginx.conf
+- examples/readme.md
+- examples/syslog/fluentd.config
+- examples/syslog_input.conf
 - lib/fluent/plugin/out_newrelic.rb
 - lib/newrelic-fluentd-output/version.rb
+- merge-to-master-pipeline.yml
 - newrelic-fluentd-output.gemspec
+- pr-pipeline.yml
 homepage: https://github.com/newrelic/newrelic-fluentd-output
 licenses:
 - Apache-2.0
@@ -119,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Sends FluentD events to New Relic

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---color

data/grandcentral.yml

@@ -1,29 +0,0 @@
-slack_channel: logging-notifications
-deploy_mechanism: none
-test_suites:
-- command: |
-    mkdir -p ~/.gem
-    curl -u $ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD https://artifacts.datanerd.us/api/gems/newrelic-gems-local/api/v1/api_key.yaml -o ~/.gem/credentials
-    chmod 0600 ~/.gem/credentials
-    bundle install && bundle exec rspec
-  environment:
-    dockerfile: Dockerfile
-  name: Unit Tests
-build:
-  environment:
-    dockerfile: Dockerfile
-    secret_env_vars:
-    - name: ARTIFACTORY_USERNAME
-      shared_path: artifactory
-    - name: ARTIFACTORY_PASSWORD
-      shared_path: artifactory
-  publish:
-    command: |
-      mkdir -p ~/.gem
-      curl -u $ARTIFACTORY_USERNAME:$ARTIFACTORY_PASSWORD https://artifacts.datanerd.us/api/gems/newrelic-gems-local/api/v1/api_key.yaml -o ~/.gem/credentials
-      chmod 0600 ~/.gem/credentials
-      bundle install
-      gem release --host https://artifacts.datanerd.us/api/gems/newrelic-gems-local
-  read_version:
-    command: cat ./lib/newrelic-fluentd-output/version.rb | grep VERSION | awk '{
-      gsub("\"", "", $3); print $3 }'