fluent-plugin-newrelic 1.1.8 → 1.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: caf9616fa22e2338c4df33d70571d6a18850a17dafe98bb78c1e916aa7339ab5
-  data.tar.gz: a23147d65d03ac2de83765856f3ee84cc2afe26fbe24bc8c7e3c8f028316fb37
+  metadata.gz: 7982f3b3dc21e8b82c8016c6f7ee6d2d4dad24128d754ad4c03a41a7e99f97d0
+  data.tar.gz: 3b2f2b9fe1e80f538a11c0171db58f7268eeaef01f35abd4130db6168946797d
 SHA512:
-  metadata.gz: 991cab2d7e3060134f2f31784077d6e409c505a878a2d44a9eb1bf1d6ec8bc79752e3840881b0e7e0cddbb8547d9067bb153f76c650cded1d0c330eb9fc184bf
-  data.tar.gz: 716cb1b8150874ecb42c09bf678baa339d0f7bc65e4ebeb30badd9c31a9258d6a60d31d6376649bbbc64329bdcfc95e3d45fbb9b1bc022ea657940c3c4be9106
+  metadata.gz: 4376c990dad117a8a4f64c1a469aae6018352584cbb375c7a88fea2d2f78c0474202fceea91d68d8be8a5e53e16d025f2dc0fdcae518f15ae4eb56080bc01de9
+  data.tar.gz: 91dec110d12f79f9104c5485f956477198cddad9fda0d0fddaae59800f895f4323d9fde1b4e6ac3f32fa4a9e50a5fdfdd67e08a4fc3cd7f132f54a8dc36730b2

data/examples/Windows-IIS.conf

@@ -0,0 +1,85 @@
+####
+## New Relic Logs - Basic Windows Event + IIS config v1.5
+## Built in FluentD v1.7.4
+## by AI of NR 2/4/2020
+##
+## Don't forget to add your NR license key to the <match> statement at the bottom of this file.
+##
+
+## Windows Event Log Input
+<source>
+  @type windows_eventlog
+  @id windows_eventlog
+  tag winevt.raw
+  channels application,system,security
+  <storage>
+    @type local
+    persistent true
+    path c:/opt/td-agent/winevt.pos
+  </storage>
+</source>
+
+#
+# Windows IIS log parsing.  This config uses the standard W3C format and the standard location for IIS logs.
+# It expects the log timestamp to be UTC.
+# Change the path below if you store your logs elsewhere.
+#
+<source>
+  @type tail
+  tag iislog.raw
+  path c:/inetpub/logs/logfiles/*/*
+  pos_file c:/opt/td-agent/iislog.pos
+  <parse>
+    @type regexp
+    expression /(?<time>\d{4}-\d{2}-\d{2} [\d:]+) (?<message>.+)/
+    time_format %Y-%m-%d %H:%M:%S
+	utc true
+  </parse>
+</source>
+
+<filter iislog.raw>
+  @type parser
+  key_name message
+  remove_key_name_field false
+  reserve_data true
+  reserve_time true
+  <parse>
+    @type csv
+    delimiter ' '
+    keys hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken
+    null_value_pattern -
+    null_empty_string true
+  </parse>
+</filter>
+
+#
+# For a slightly nicer experience, add Service Name (s-sitename) to your log output, comment out the filter above and use this one instead.
+#
+#<filter iislog.raw>
+#  @type parser
+#  key_name message
+#  remove_key_name_field false
+#  reserve_data true
+#  reserve_time true
+#  <parse>
+#    @type csv
+#    delimiter ' '
+#    keys service_name,hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken
+#    null_value_pattern -
+#    null_empty_string true
+#  </parse>
+#</filter>
+
+<filter winevt.raw>
+  @type record_transformer
+  <record>
+    message ${record["description"]}
+	  hostname ${record["computer_name"]}
+  </record>
+</filter>
+
+# New Relic output
+<match **>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/copy_output.conf

@@ -0,0 +1,43 @@
+#Tail and parse Apache access logs
+
+<source>
+   @type tail
+   @id input_tail_apache
+   tag apache_access
+   path /var/log/apache2/access.log
+   pos_file /var/log/apache2/access.pos
+   path_key filename
+   <parse>
+   @type apache2
+   </parse>
+ </source>
+ 
+ #Add hostname and tag fields to all events ("records") with a Fluentd tag of apache_access
+ 
+ <filter apache_access>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Output (https://docs.fluentd.org/output/copy) events to both New Relic and a local file.
+
+<match **>
+  @type copy
+  <store>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+  </store>
+  <store>
+  @type file
+  path /var/log/apacheout.log
+  <buffer>
+    #Buffer settings are for testing and not recommended for use in a production environment.
+    timekey 10s
+    timekey_use_utc true
+    timekey_wait 15s
+  </buffer>
+  </store>
+</match>

data/examples/custom_field.conf

@@ -0,0 +1,32 @@
+#Tail and parse Docker log files
+
+<source>
+  @type tail
+  path /var/lib/docker/containers/*/*-json.log
+  pos_file /var/log/docker-log.pos
+  read_from_head true
+  tag containers
+  <parse>
+    @type json
+    time_format %Y-%m-%dT%H:%M:%S.%NZ
+    keep_time_key true
+    time_key time
+  </parse>
+</source>
+
+<filter containers>
+  @type record_transformer
+  enable_ruby true
+  <record>
+    #Add hostname and tag fields to all records
+    fluentd_host "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+# Forward events to New Relic
+
+<match containers>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+  </match>

data/examples/file_input.conf

@@ -0,0 +1,29 @@
+#Tail arbitrary text/log file
+
+<source>
+  @type tail
+  <parse>
+    @type none
+  </parse>
+  path /var/log/backend-app*.log
+  pos_file /var/log/backend.application.pos
+  path_key filename # Add watched file path to path_key field for every event/record.
+  tag backend.application
+</source>
+
+ #Add hostname and tag fields to all events ("records") with a Fluentd tag of backend.application
+ 
+ <filter backend.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Write events to New Relic
+
+<match backend.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/filter_logs.conf

@@ -0,0 +1,52 @@
+#Tail and parse arbitrary text/log file
+
+<source>
+  @type tail
+  <parse> #Parse timestamp, everything else to be stored in message field
+    @type regexp
+    expression /^\[(?<logtime>[^\]]*)\] (?<message>.*)$/
+    time_key logtime
+    time_format %Y-%m-%d %H:%M:%S %z
+  </parse>
+  path /var/log/backend-app*.log
+  pos_file /var/log/backend.application.pos
+  path_key filename # Add watched file path to path_key field for every event/record.
+  tag backend.application
+</source>
+
+#Add hostname and service_name fields to all events ("records") with a Fluentd tag of backend.application
+ 
+<filter backend.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    service_name ${tag}
+  </record>
+</filter>
+
+# For all events with a tag of backend.application:
+# Keep ONLY events where service_name field contains a value matching /backend.application/ AND where message field contains a value matching /Cannot connect to/
+# Discard any events where value of hostname field matches /staging/
+
+<filter backend.application>
+  @type grep
+  <regexp>
+    key service_name
+    pattern /backend.application/
+  </regexp>
+   <regexp>
+    key message
+    pattern /Cannot connect to/
+  </regexp>
+  <exclude>
+    key hostname
+    pattern /staging/
+  </exclude>
+</filter>
+
+#Write events with backend.application tag to New Relic
+
+<match backend.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/grok_parser.conf

@@ -0,0 +1,43 @@
+#Tail arbitrary log file and parse using grok pattern
+#Install the required plugin: fluent-gem install fluent-plugin-grok-parser
+
+<source>
+  @type tail
+  <parse>
+    @type grok
+    <grok>
+      pattern %{SYSLOGTIMESTAMP:timestamp} %{LOGLEVEL:loglevel}: %{GREEDYDATA:message}
+    </grok>
+  </parse>
+  path /var/log/customapp.log
+  pos_file /var/log/customapp.pos
+  path_key filename
+  tag custom.application
+</source>
+
+# Drop events with custom.application tag where loglevel field contains "debug" or "info" (case-insensitive match)
+
+<filter custom.application>
+  @type grep
+  <exclude>
+    key loglevel
+    pattern /debug|info/i
+  </exclude>
+</filter>
+
+#Add hostname and tag fields to all events ("records") with a Fluentd tag of custom.application
+ 
+ <filter custom.application>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    tag ${tag}
+  </record>
+</filter>
+
+#Write custom.application events to New Relic
+
+<match custom.application>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/minimal_complete_config.conf

@@ -0,0 +1,27 @@
+#Tail arbitrary text/log file
+
+<source>
+  @type tail
+  <parse>
+    @type none
+  </parse>
+  path /home/logs/*
+  path_key file
+  tag sample.tag
+</source>
+
+#Add service_name field to all events ("records") with a Fluentd tag of sample.tag
+
+<filter sample.tag>
+  @type record_transformer
+  <record>
+    service_name ${tag}
+  </record>
+</filter>
+
+#Write sample.tag events to New Relic
+
+<match sample.tag>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/multiline_log_parse.conf

@@ -0,0 +1,11 @@
+ <filter backend.application>
+    @type parser
+    <parse>
+      @type multiline_grok
+      grok_failure_key grokfailure
+      multiline_start_regex ^abc
+      <grok>
+        pattern %{GREEDYDATA:message}
+      </grok>
+    </parse>
+  </filter>

data/examples/parse_nginx.conf

@@ -0,0 +1,17 @@
+#Tail and parse NGINX log file
+
+<source>
+  @type tail
+  <parse>
+    @type nginx
+  </parse>
+  path /path/to/access.log
+  tag nginx.access
+</source>
+
+#Write events with tag matching nginx.* to New Relic
+
+<match nginx.*>
+  @type newrelic
+  api_key <YOUR INSERT KEY>
+</match>

data/examples/readme.md

@@ -61,9 +61,9 @@ sudo mkdir /etc/fluentd
 sudo nano /etc/fluentd/fluentd.conf
 ```
 
-#### 2. Add the contents from the [`syslog\fluentd.conf`](syslog\fluentd.config)
+#### 2. Add the contents from the [`syslog/fluentd.conf`](syslog/fluentd.config)
 
-You can find the contents of the [`syslog\fluentd.conf`](syslog\fluentd.config) in the sub folder `syslog`. These contents should provide a quick start to getting started. In the provided
+You can find the contents of the [`syslog/fluentd.conf`](syslog/fluentd.config) in the sub folder `syslog`. These contents should provide a quick start to getting started. In the provided
 example, the syslog details are coming from the above mentioned devices. You may need to tweak the configuration according to the server sending the syslog traffic.
 
 #### 3. Check New Relic for New Logs

data/examples/syslog_input.conf

@@ -0,0 +1,5 @@
+<source>
+  @type syslog
+  port 5140
+  tag syslog.messages
+</source>

data/lib/fluent/plugin/out_newrelic.rb

@@ -33,6 +33,7 @@ module Fluent
       config_param :license_key, :string, :default => nil
 
       DEFAULT_BUFFER_TYPE = 'memory'.freeze
+      MAX_PAYLOAD_SIZE = 1048576 # 1 Megabyte in bytes
 
       config_section :buffer do
         config_set_default :@type, DEFAULT_BUFFER_TYPE
@@ -50,7 +51,7 @@ module Fluent
       def configure(conf)
         super
         if @api_key.nil? && @license_key.nil?
-          raise Fluent::ConfigError.new("'api_key' or 'license_key' parameter is required") 
+          raise Fluent::ConfigError.new("'api_key' or 'license_key' parameter is required")
         end
 
         # create initial sockets hash and socket based on config param
@@ -89,39 +90,23 @@ module Fluent
           packaged['message'] = record['log']
           packaged['attributes'].delete('log')
         end
-        
+
         packaged
       end
 
       def write(chunk)
-        payload = {
-          'common' => {
-            'attributes' => {
-              'plugin' => {
-                'type' => 'fluentd',
-                'version' => NewrelicFluentdOutput::VERSION,
-              }
-            }
-          },
-          'logs' => []
-        }
+        logs = []
         chunk.msgpack_each do |ts, record|
           next unless record.is_a? Hash
           next if record.empty?
-          payload['logs'].push(package_record(record, ts))
+          logs.push(package_record(record, ts))
         end
-        io = StringIO.new
-        gzip = Zlib::GzipWriter.new(io)
 
-        # Fluentd can run with a version of Ruby (2.1.0) whose to_json method doesn't support non-ASCII characters.
-        # So we use Yajl, which can handle all Unicode characters. Apparently this library is what Fluentd uses
-        # internally, so it is installed by default with td-agent.
-        # See https://github.com/fluent/fluentd/issues/215
-        gzip << Yajl.dump([payload])
-        gzip.close
-        send_payload(io.string)
+
+        payloads = get_compressed_payloads(logs)
+        payloads.each { |payload| send_payload(payload) }
       end
-      
+
       def handle_response(response)
         if !(200 <= response.code.to_i && response.code.to_i < 300)
           log.error("Response was " + response.code + " " + response.body)
@@ -137,6 +122,56 @@ module Fluent
         handle_response(http.request(request))
       end
 
+      private
+
+      def get_compressed_payloads(logs)
+        return [] if logs.length == 0
+
+        payload = create_payload(logs)
+        compressed_payload = compress(payload)
+
+        if compressed_payload.bytesize <= MAX_PAYLOAD_SIZE
+          return [compressed_payload]
+        end
+
+        if logs.length > 1 # we can split
+          # let's split logs array by half, and try to create payloads again
+          midpoint = logs.length / 2
+          first_half = get_compressed_payloads(logs.slice(0, midpoint))
+          second_half = get_compressed_payloads(logs.slice(midpoint, logs.length))
+          return first_half + second_half
+        else
+          log.error("Can't compress record below required maximum packet size and it will be discarded. Record: #{logs[0]}")
+          return []
+        end
+      end
+
+      def create_payload(logs)
+        {
+          'common' => {
+            'attributes' => {
+              'plugin' => {
+                'type' => 'fluentd',
+                'version' => NewrelicFluentdOutput::VERSION,
+              }
+            }
+          },
+          'logs' => logs
+        }
+      end
+
+      def compress(payload)
+        io = StringIO.new
+        gzip = Zlib::GzipWriter.new(io)
+
+        # Fluentd can run with a version of Ruby (2.1.0) whose to_json method doesn't support non-ASCII characters.
+        # So we use Yajl, which can handle all Unicode characters. Apparently this library is what Fluentd uses
+        # internally, so it is installed by default with td-agent.
+        # See https://github.com/fluent/fluentd/issues/215
+        gzip << Yajl.dump([payload])
+        gzip.close
+        io.string
+      end
     end
   end
 end

data/lib/newrelic-fluentd-output/version.rb

@@ -1,3 +1,3 @@
 module NewrelicFluentdOutput
-  VERSION = "1.1.8"
+  VERSION = "1.1.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-newrelic
 version: !ruby/object:Gem::Version
-  version: 1.1.8
+  version: 1.1.9
 platform: ruby
 authors:
 - New Relic Logging Team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-09 00:00:00.000000000 Z
+date: 2020-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -110,8 +110,18 @@ files:
 - README.md
 - Rakefile
 - examples/Dockerfile
+- examples/Windows-IIS.conf
+- examples/copy_output.conf
+- examples/custom_field.conf
+- examples/file_input.conf
+- examples/filter_logs.conf
+- examples/grok_parser.conf
+- examples/minimal_complete_config.conf
+- examples/multiline_log_parse.conf
+- examples/parse_nginx.conf
 - examples/readme.md
 - examples/syslog/fluentd.config
+- examples/syslog_input.conf
 - lib/fluent/plugin/out_newrelic.rb
 - lib/newrelic-fluentd-output/version.rb
 - merge-to-master-pipeline.yml