fluent-plugin-vmware-loginsight 0.1.10 → 0.1.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 18aba45331aaa3aa482ac466fa77747daec97df8e9d31fa231493df9a46c83de
-  data.tar.gz: 987665db9f586d6a4bde5921a68a9c18555b70000f16e900b29b0480e381593b
+  metadata.gz: 10d3d5209686fe48c79d1182e193316588f8e29bb6567d9ebe54b0eb061f0e55
+  data.tar.gz: 53b75b154b7ca8ff95c8aa71dd0fe91d00deff9460761ac4ea1c13da02c724e7
 SHA512:
-  metadata.gz: 68448d50ae0dc8a84bf4f5c17d8a91053b22d240df04c73f2199043a994a95ac7c89ba34281ee5ff623d241d457ad786f8009261c3843ff12a53cdd818b9788e
-  data.tar.gz: a37769610e800178e2e0c9ea19dd3f58b91ff7b4ff38f9b896c8273d651b949dd52625e3bc310a11dc38e732762053199cccc13f2d8e94beb4b2f298f2c22ed0
+  metadata.gz: 2f41fbe184204f8100ebca73447f87d1cdce2640941bdae56d34fff216cbd554a7c22ed1e71f5e39f23bcdb72d8b766897f91917959f29e7346e6deecb0a2f7e
+  data.tar.gz: 1ff567aaf08344dc494fdedb6ed2efc21084e55c66da28b33cdbd40a17331c02519e94226959c291e487787a57e12bdad2fc6cff386573fb483b92dd34430e47

data/README.md

@@ -1,5 +1,7 @@
 # fluent-plugin-vmware-loginsight
 
+[![Gem Version](https://badge.fury.io/rb/fluent-plugin-vmware-loginsight.svg)](https://badge.fury.io/rb/fluent-plugin-vmware-loginsight)
+
 ## Overview
 output plugin to do forward logs to VMware Log Insight
 
@@ -28,39 +30,61 @@ $ bundle
 ## Usage
 
 ```
+# Collect all container logs
 <source>
   @type tail
+  @id in_tail_container_logs
   path /var/log/containers/*.log
+  # One could exclude certain logs like:
+  #exclude_path ["/var/log/containers/log-collector*.log"]
   pos_file /var/log/fluentd-docker.pos
-  time_format %Y-%m-%dT%H:%M:%S
-  tag kubernetes.*
-  format json
   read_from_head true
+  # Set this watcher to false if you have many files to tail
+  enable_stat_watcher false
+  refresh_interval 5
+  tag kubernetes.*
+  <parse>
+    @type json
+    time_key time
+    keep_time_key true
+    time_format %Y-%m-%dT%H:%M:%S.%NZ
+  </parse>
 </source>
 
-# Kubernetes metadata filter that tags additional meta data for each event
-<filter kubernetes.var.log.containers.**.log>
+# Kubernetes metadata filter that tags additional meta data for each container event
+<filter kubernetes.**>
   @type kubernetes_metadata
+  @id filter_kube_metadata
+  kubernetes_url "#{ENV['FLUENT_FILTER_KUBERNETES_URL'] || 'https://' + ENV.fetch('KUBERNETES_SERVICE_HOST') + ':' + ENV.fetch('KUBERNETES_SERVICE_PORT') + '/api'}"
+  verify_ssl "#{ENV['KUBERNETES_VERIFY_SSL'] || true}"
+  ca_file "#{ENV['KUBERNETES_CA_FILE']}"
+  skip_labels "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_LABELS'] || 'false'}"
+  skip_container_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_CONTAINER_METADATA'] || 'false'}"
+  skip_master_url "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_MASTER_URL'] || 'false'}"
+  skip_namespace_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_NAMESPACE_METADATA'] || 'false'}"
 </filter>
 
+# Match everything
 <match **>
   @type vmware_loginsight
+  @id out_vmw_li_all_container_logs
   scheme https
   ssl_verify true
-# Loginsight host: One may use IP address or cname
-# host X.X.X.X
-  host my-loginsight.mycompany.com
-  port 9000
-  path api/v1/events/ingest
+  # Loginsight host: One may use IP address or cname
+  #host X.X.X.X
+  host MY_LOGINSIGHT_HOST
+  port 9543
   agent_id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-  http_method post
-  serializer json
-  rate_limit_msec 0
-  raise_on_error false
-  include_tag_key true
-  tag_key tag
+  # Keys from log event whose values should be added as log message/text to
+  # Loginsight. Note these key/value pairs  won't be added as metadata/fields
+  log_text_keys ["log","msg","message"]
+  # Use this flag if you want to enable http debug logs
+  http_conn_debug false
 </match>
 ```
+
+For more examples look at [examples](./examples/)
+
 ### Configuration options
 
 ```
@@ -104,6 +128,9 @@ request_timeout, :time, :default => 5
 # If set, enables debug logs for http connection
 http_conn_debug, :bool, :default => false :: Valid Value: true | false
 
+# Number of bytes per post request
+max_batch_size, :integer, :default => 512000
+
 # Simple rate limiting: ignore any records within `rate_limit_msec` since the last one
 rate_limit_msec, :integer, :default => 0
 
@@ -125,9 +152,35 @@ flatten_hashes, :bool, :default => true :: Valid Value: true | false
 
 # Seperator to use for joining flattened keys
 flatten_hashes_separator, :string, :default => "_"
-```
 
-For more examples look at [examples](./examples/)
+# Rename fields names
+config_param :rename_fields, :hash, default: {"source" => "log_source"}, value_type: :string
+
+# Keys from log event to rewrite
+# for instance from 'kubernetes_namespace' to 'k8s_namespace'
+# tags will be rewritten with substring substitution
+# and applied in the order present in the hash
+# (Hashes enumerate their values in the order that the
+# corresponding keys were inserted
+# see https://ruby-doc.org/core-2.2.2/Hash.html)
+# example config:
+# shorten_keys {
+#    "__":"_",
+#    "container_":"",
+#    "kubernetes_":"k8s_",
+#    "labels_":"",
+# }
+shorten_keys, :hash, value_type: :string, default:
+        {
+            'kubernetes_':'k8s_',
+            'namespace':'ns',
+            'labels_':'',
+            '_name':'',
+            '_hash':'',
+            'container_':''
+        }
+
+```
 
 ## Contributing
 

data/VERSION

@@ -0,0 +1 @@
+0.1.11

data/examples/fluent.conf

@@ -8,18 +8,25 @@
 # 
 # SPDX-License-Identifier: MIT
 
+# Sample Fluentd config, edit as per your needs.
+# https://github.com/fluent/fluentd-kubernetes-daemonset/tree/master/templates/conf has some good fluentd config examples
 
+# System level configs
 <system>
   log_level info
 </system>
 
 # Prevent fluentd from handling records containing its own logs to handle cycles.
-<match fluent.**>
-  @type null
-</match>
+<label @FLUENT_LOG>
+  <match fluent.**>
+    @type null
+  </match>
+</label>
 
+# Collect all journal logs
 <source>
   @type systemd
+  @id in_systemd_logs
   path /run/log/journal
   # Can filter logs if we want, e.g.
   #filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
@@ -33,76 +40,121 @@
   strip_underscores true
 </source>
 
+# Collect all container logs
 <source>
   @type tail
+  @id in_tail_container_logs
   path /var/log/containers/*.log
   # One could exclude certain logs like:
-  #  exclude_path ["/var/log/containers/log-collector*.log"]
+  #exclude_path ["/var/log/containers/log-collector*.log"]
   pos_file /var/log/fluentd-docker.pos
-  time_format %Y-%m-%dT%H:%M:%S
-  tag kubernetes.*
-  format json
   read_from_head true
+  # Set this watcher to false if you have many files to tail
+  enable_stat_watcher false
+  refresh_interval 5
+  tag kubernetes.*
+  <parse>
+    @type json
+    time_key time
+    keep_time_key true
+    time_format %Y-%m-%dT%H:%M:%S.%NZ
+  </parse>
 </source>
 
-
-# Sample rule for services that generate java like stack trace
-#<source>
-#  @type tail
-#  path /var/log/containers/javaapp**.log
-#  pos_file /var/log/fluentd-dockerlog.pos
-#  time_format %b %d %H:%M:%S
-#  tag kubernetes.*
-#  format multiline
-#  format_firstline /\d{4}-\d{1,2}-\d{1,2}/
-#  format1 /^(?<time>\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}) \[(?<thread>.*)\] (?<level>[^\s]+)(?<message>.*)/
-#  read_from_head true
-#</source>
-
-# Kubernetes metadata filter that tags additional meta data for each event
-<filter kubernetes.var.log.containers.**.log>
+# Kubernetes metadata filter that tags additional meta data for each container event
+<filter kubernetes.**>
   @type kubernetes_metadata
+  @id filter_kube_metadata
+  kubernetes_url "#{ENV['FLUENT_FILTER_KUBERNETES_URL'] || 'https://' + ENV.fetch('KUBERNETES_SERVICE_HOST') + ':' + ENV.fetch('KUBERNETES_SERVICE_PORT') + '/api'}"
+  verify_ssl "#{ENV['KUBERNETES_VERIFY_SSL'] || true}"
+  ca_file "#{ENV['KUBERNETES_CA_FILE']}"
+  skip_labels "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_LABELS'] || 'false'}"
+  skip_container_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_CONTAINER_METADATA'] || 'false'}"
+  skip_master_url "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_MASTER_URL'] || 'false'}"
+  skip_namespace_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_NAMESPACE_METADATA'] || 'false'}"
 </filter>
 
-# If we want to transform events we could use:
-#<filter **>
-#  @type record_transformer
-#  enable_ruby
-#  auto_typecast
-#  <record>
-#    hostname "#{Socket.gethostname}"
-#    mykey ${["message"=>record.to_json]}
-#  </record>
-#</filter>
+# Prefix the tag by namespace. This would make it easy to match logs by namespaces
+<match kubernetes.**>
+  @type rewrite_tag_filter
+  <rule>
+    key $.kubernetes.namespace_name
+    pattern ^(.+)$
+    tag $1.${tag}
+  </rule>
+</match>
 
-<match fluent.**>
-  @type null
+# Collect all kube apiserver audit logs
+<source>
+  @type tail
+  @id in_tail_kube_audit_logs
+  # audit log path of kube-apiserver
+  path "/var/log/kube-audit/audit.log"
+  pos_file /var/log/kube-audit.pos
+  tag kube-audit
+  <parse>
+    @type json
+    time_key timestamp
+    keep_time_key false
+    time_format %Y-%m-%dT%H:%M:%SZ
+  </parse>
+</source>
+
+# Loginsight doesn't support ingesting `source` as a field name, get rid of it
+<filter kube-audit>
+  @type record_transformer
+  @id filter_kube_audit_logs
+  enable_ruby
+  remove_keys source
+  <record>
+    log ${record}
+  </record>
+</filter>
+
+# You can catch and match logs by namespace
+<match my-namespace-one.** my-namespace-two.**>
+  @type vmware_loginsight
+  @id out_vmw_li_my_namespace_logs
+  scheme http
+  ssl_verify false
+  # Loginsight host: One may use IP address or cname
+  #host X.X.X.X
+  host MY_LOGINSIGHT_HOST
+  port 9000
+  agent_id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
+  # Keys from log event whose values should be added as log message/text to
+  # Loginsight. Note these key/value pairs  won't be added as metadata/fields
+  log_text_keys ["log","msg","message"]
+  # Use this flag if you want to enable http debug logs
+  http_conn_debug false
 </match>
 
+# Match everything else
 <match **>
   @type copy
   <store>
     @type vmware_loginsight
+    @id out_vmw_li_all_container_logs
     scheme https
     ssl_verify true
-#   Loginsight host: One may use IP address or cname
-#   host X.X.X.X
-    host my-loginsight.mycompany.com
-    port 9000
-    path api/v1/events/ingest
+    # Loginsight host: One may use IP address or cname
+    #host X.X.X.X
+    host MY_LOGINSIGHT_HOST
+    port 9543
     agent_id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-    http_method post
-    serializer json
-    rate_limit_msec 0
-    raise_on_error false
+    # Keys from log event whose values should be added as log message/text to
+    # Loginsight. Note these key/value pairs  won't be added as metadata/fields
     log_text_keys ["log","msg","message"]
-    include_tag_key true
-    tag_key tag
+    # Use this flag if you want to enable http debug logs
+    http_conn_debug false
   </store>
-# copy plugin supports sending/copying logs to multiple plugins
-# One may choose to send them to multiple LIs
-# Or one may want send a copy to stdout for debugging
-#  <store>
-#    @type stdout
-#  </store>
+  # copy plugin supports sending/copying logs to multiple plugins
+  # One may choose to send them to multiple LIs
+  # Or one may want send a copy to stdout for debugging
+  # Please note, if you use stdout along with LI, catch the logger's log to make
+  # sure they're not cyclic
+  #<store>
+  #  @type stdout
+  #</store>
 </match>
+

data/examples/fluentd-vrli-plugin-debian.dockerfile

@@ -8,29 +8,41 @@
 # 
 # SPDX-License-Identifier: MIT
 
-# Builds a debian-based image that contains fluentd, fluent-plugin-vmware-loginsight, fluent-plugin-kubernetes_metadata_filter
-# and fluent-plugin-systemd.
+
+# Sample Dockerfile to use as log collector
+# Builds a debian-based fluentd image that has fluent-plugin-kubernetes_metadata_filter,
+# fluent-plugin-rewrite-tag-filter, fluent-plugin-systemd and
+# fluent-plugin-vmware-loginsight gem installed.
 #
-# The image is preconfigured with the fluent.conf from the examples dir. For more details see
+# This image will get preconfigured with the fluent.conf if avaialble at the
+# same dir level. For fluentd config example, see
 # https://github.com/vmware/fluent-plugin-vmware-loginsight/blob/master/examples/fluent.conf
-FROM fluent/fluentd:v0.14.15-debian-onbuild
-# Above image expects the loginsight plugin vmware_loginsight to be available under ./plugins/vmware_loginsight.rb
-# and fluentd config under ./fluent.conf by default
 
+# This base image is built from https://github.com/fluent/fluentd-kubernetes-daemonset
+FROM fluent/fluentd:v1.11-debian-1
+
+# Use root account to use apt
 USER root
 
-RUN buildDeps="sudo make gcc g++ libc-dev ruby-dev libffi-dev" \
+# You can install your plugins here
+RUN buildDeps="sudo make gcc g++ libc-dev" \
  && apt-get update \
  && apt-get install -y --no-install-recommends $buildDeps \
  && sudo gem install \
-        fluent-plugin-systemd \
-        fluent-plugin-kubernetes_metadata_filter \
-        fluent-plugin-vmware-loginsight \
+        fluent-plugin-kubernetes_metadata_filter:2.4.6 \
+        fluent-plugin-rewrite-tag-filter:2.3.0 \
+        fluent-plugin-systemd:1.0.2 \
+        fluent-plugin-vmware-loginsight:0.1.10 \
  && sudo gem sources --clear-all \
  && SUDO_FORCE_REMOVE=yes \
     apt-get purge -y --auto-remove \
                   -o APT::AutoRemove::RecommendsImportant=false \
                   $buildDeps \
  && rm -rf /var/lib/apt/lists/* \
-           /home/fluent/.gem/ruby/2.3.0/cache/*.gem \
-           /home/root/.gem/ruby/2.3.0/cache/*.gem
+ && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
+
+#  You can install the LI plugin using a gem or if you want to test your
+#  changes to plugin, you may add the .rb directly under `plugins` dir, then
+#  you don't need to install the gem
+COPY plugins /fluentd/plugins/
+

data/examples/k8s-log-collector-ds.yaml

@@ -23,30 +23,32 @@ data:
   myapp-fluent.conf: |
     # Input sources
     @include general.conf
-    @include systemd-input.conf
-    @include kubernetes-input.conf
-
-    # Parsing/Filtering
-    @include kubernetes-filter.conf
+    @include systemd.conf
+    @include kubernetes.conf
+    @include kube-audit.conf
 
     # Forwading - Be vigilant of the order in which these plugins are specified. Order matters!
-    @include myapp-loginsight-output.conf
+    @include vmw-li.conf
 
   general.conf: |
     <system>
       log_level info
     </system>
     # Prevent fluentd from handling records containing its own logs to handle cycles.
-    <match fluent.**>
-      @type null
-    </match>
+    <label @FLUENT_LOG>
+      <match fluent.**>
+        @type null
+      </match>
+    </label>
 
-  systemd-input.conf: |
+  systemd.conf: |
+    # Journal logs
     <source>
       @type systemd
+      @id in_systemd_logs
       path /run/log/journal
       # Can filter logs if we want, e.g.
-      # filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
+      #filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
       <storage>
         @type local
         persistent true
@@ -57,70 +59,114 @@ data:
       strip_underscores true
     </source>
 
-  kubernetes-input.conf: |
+  kubernetes.conf: |
+    # Container logs
+    # Kubernetes docker logs are stored under /var/lib/docker/containers for
+    # which kubernetes creates a symlink at /var/log/containers
     <source>
       @type tail
+      @id in_tail_container_logs
       path /var/log/containers/*.log
       # One could exclude certain logs like:
-      # exclude_path ["/var/log/containers/log-collector*.log"]
+      #exclude_path ["/var/log/containers/log-collector*.log"]
       pos_file /var/log/fluentd-docker.pos
-      time_format %Y-%m-%dT%H:%M:%S
-      tag kubernetes.*
-      format json
       read_from_head true
+      # Set this watcher to false if you have many files to tail
+      enable_stat_watcher false
+      refresh_interval 5
+      tag kubernetes.*
+      <parse>
+        @type json
+        time_key time
+        keep_time_key true
+        time_format %Y-%m-%dT%H:%M:%S.%NZ
+      </parse>
     </source>
-
-  kubernetes-filter.conf: |
+    # Kubernetes metadata filter that tags additional meta data for each container event
     <filter kubernetes.**>
       @type kubernetes_metadata
-      merge_json_log true
-      preserve_json_log true
+      @id filter_kube_metadata
+      kubernetes_url "#{ENV['FLUENT_FILTER_KUBERNETES_URL'] || 'https://' + ENV.fetch('KUBERNETES_SERVICE_HOST') + ':' + ENV.                  fetch('KUBERNETES_SERVICE_PORT') + '/api'}"
+      verify_ssl "#{ENV['KUBERNETES_VERIFY_SSL'] || true}"
+      ca_file "#{ENV['KUBERNETES_CA_FILE']}"
+      skip_labels "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_LABELS'] || 'false'}"
+      skip_container_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_CONTAINER_METADATA'] || 'false'}"
+      skip_master_url "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_MASTER_URL'] || 'false'}"
+      skip_namespace_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_NAMESPACE_METADATA'] || 'false'}"
+    </filter>
+
+    # Prefix the tag by namespace. This would make it easy to match logs by namespaces
+    <match kubernetes.**>
+      @type rewrite_tag_filter
+      <rule>
+        key $.kubernetes.namespace_name
+        pattern ^(.+)$
+        tag $1.${tag}
+      </rule>
+    </match>
+
+  kube-audit.conf: |
+    # Kube-apiserver audit logs
+    <source>
+      @type tail
+      @id in_tail_kube_audit_logs
+      # path to audit logs for kube-apiserver
+      path "/var/log/kube-audit/audit.log"
+      pos_file /var/log/kube-audit.pos
+      tag kube-audit
+      <parse>
+        @type json
+        time_key timestamp
+        keep_time_key false
+        time_format %Y-%m-%dT%H:%M:%SZ
+      </parse>
+    </source>
+    # Loginsight doesn't support ingesting `source` as a field name, get rid of it
+    <filter kube-audit>
+      @type record_transformer
+      @id filter_kube_audit_logs
+      enable_ruby
+      remove_keys source
+      <record>
+        log ${record}
+      </record>
     </filter>
 
-  myapp-loginsight-output.conf: |
+  vmw-li.conf: |
+    # Match everything
     # We are capturing all log messages and redirecting them to endpoints mentioned in each <store> tag.
     # One may redirect these logs to muliple endpoints (including multiple LI instances).
     # Or one may chose to tag their specific logs and add their own config to capture those tagged logs and redirect
-    # them to appropriate endpoint. This specific config needs to preceed this generic one.
+    # them to appropriate endpoint. That specific config needs to preceed this generic one.
     <match **>
       @type copy
       <store>
         @type vmware_loginsight
+        @id out_vmw_li_all_container_logs
         scheme https
         ssl_verify true
         # Loginsight host: One may use IP address or cname
-        # host X.X.X.X
-        host my-loginsight.mycompany.com
-        port 9000
-        path api/v1/events/ingest
+        #host X.X.X.X
+        host MY_LOGINSIGHT_HOST
+        port 9543
         agent_id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-        http_method post
-        serializer json
-        rate_limit_msec 0
-        raise_on_error false
-        include_tag_key true
-        tag_key tag
+        # Keys from log event whose values should be added as log message/text to
+        # Loginsight. Note these key/value pairs  won't be added as metadata/fields
+        log_text_keys ["log","msg","message"]
+        # Use this flag if you want to enable http debug logs
+        http_conn_debug false
       </store>
-      # If we want to debug and send logs to stdout as well
-      # <store>
-      #   @type stdout
-      # </store>
+      # copy plugin supports sending/copying logs to multiple plugins
+      # One may choose to send them to multiple LIs
+      # Or one may want send a copy to stdout for debugging
+      # Please note, if you use stdout along with LI, catch the logger's log to make
+      # sure they're not cyclic
+      #<store>
+      #  @type stdout
+      #</store>
     </match>
 
 
-  extra.conf: |
-    # If we want to transform events we could use:
-    #<filter **>
-    #  @type record_transformer
-    #  enable_ruby
-    #  auto_typecast
-    #  <record>
-    #    hostname "#{Socket.gethostname}"
-    #    mykey ${["message"=>record.to_json]}
-    #  </record>
-    #</filter>
-
-
 ---
 kind: DaemonSet
 apiVersion: extensions/v1beta1
@@ -131,8 +177,21 @@ metadata:
     app: "log-collector"
     version: v1
 spec:
+  selector:
+    matchLabels:
+      app: "log-collector"
+  revisionHistoryLimit: 3
+  minReadySeconds: 10
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      # How many pods can be unavailable during the rolling update.
+      maxUnavailable: 3
   template:
     metadata:
+      annotations:
+        # One may use this annotation to trigger rollout whenever fluentd config changes
+        configHash: GENERATED_HASH
       labels:
         app: "log-collector"
         version: v1

data/fluent-plugin-vmware-loginsight.gemspec

@@ -14,7 +14,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-vmware-loginsight"
-  spec.version = "0.1.10"
+  spec.version = File.read("VERSION").strip
   spec.authors = ["Vishal Mohite", "Chris Todd"]
   spec.email   = ["vmohite@vmware.com", "toddc@vmware.com"]
 

data/lib/fluent/plugin/out_vmware_loginsight.rb

@@ -70,6 +70,8 @@ module Fluent
       config_param :flatten_hashes, :bool, :default => true
       # Seperator to use for joining flattened keys
       config_param :flatten_hashes_separator, :string, :default => "_"
+      # Rename fields names
+      config_param :rename_fields, :hash, default: {"source" => "log_source"}, value_type: :string
 
       # Keys from log event to rewrite
       # for instance from 'kubernetes_namespace' to 'k8s_namespace'
@@ -164,6 +166,10 @@ module Fluent
         flattened_records.each do |key, value|
           begin
             next if value.nil?
+            # check if name of the key should be replaced
+            if @rename_fields.has_key?(key)
+              key = @rename_fields[key]
+            end
             # LI doesn't support duplicate fields, make unique names by appending underscore
             key = shorten_key(key)
             while keys.include?(key)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-vmware-loginsight
 version: !ruby/object:Gem::Version
-  version: 0.1.10
+  version: 0.1.11
 platform: ruby
 authors:
 - Vishal Mohite
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-13 00:00:00.000000000 Z
+date: 2021-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -87,6 +87,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- VERSION
 - examples/fluent.conf
 - examples/fluentd-vrli-plugin-debian.dockerfile
 - examples/fluentd-vrli-plugin-photon-tdnf.dockerfile