In fluentd how to parse logs and create fields based on key values
In fluentd, how do I parse this log and get fields like ip, method and severity by using a grok pattern or JSON?
{"log":"2019-08-09 06:54:36,774 INFO 10.2.1.200 [09/Aug/2019:06:54:36 +0000] \"GET / HTTP/1.1\" 200 205 \"-\" \"HCELB/2.0\"\n","stream":"stderr","time":"2019-08-09T06:54:36.77499244Z"}
Solution 1:[1]
Thanks @gehbiszumeis for your precious help. I made my own to fix it. For anyone who needs it in the future:
```
<source>
  @type tail
  path /var/log/containers/container-name-*.log
  tag tag_name
  read_from_head true
  # Each container log line is a JSON object with log, stream and time keys
  <parse>
    @type multi_format
    <pattern>
      format json
    </pattern>
  </parse>
</source>
# Parse the inner "log" string with grok and keep the other keys
<filter tag_name>
  @type parser
  key_name log
  reserve_data true
  time_key time
  time_format %Y-%m-%dT%H:%M:%S.%NZ
  <parse>
    @type grok
    grok_failure_key grokfailure
    <grok>
      pattern %{TIMESTAMP_ISO8601:time} %{WORD:severity} %{GREEDYDATA:message}
    </grok>
  </parse>
</filter>
# Drop the raw keys and add a static type field
<filter tag_name>
  @type record_transformer
  remove_keys log,stream
  <record>
    type tag_name
  </record>
</filter>
```
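The grok pattern in the answer leaves the client address and the request line inside `message`. The following Ruby script is an added example, not part of the original answer or of Fluentd's code: it checks offline a regular expression that extracts `ip`, `method` and `severity` from the question's sample record. The `parse_record` helper, the `grokfailure` value and every field name other than those three are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample: the container log record from the question.
SAMPLE = '{"log":"2019-08-09 06:54:36,774 INFO 10.2.1.200 [09/Aug/2019:06:54:36 +0000] \"GET / HTTP/1.1\" 200 205 \"-\" \"HCELB/2.0\"\n","stream":"stderr","time":"2019-08-09T06:54:36.77499244Z"}'

# One named capture per space-separated field of the inner "log" string.
# Field names are this example's choice; log_time is used instead of time
# so the capture does not overwrite the outer record's time key.
FIELDS = [
  '(?<log_time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})',
  '(?<severity>[A-Z]+)',
  '(?<ip>\d{1,3}(?:\.\d{1,3}){3})',
  '\[(?<access_time>[^\]]+)\]',
  '"(?<method>[A-Z]+) (?<path>\S+) HTTP/(?<http_version>[\d.]+)"',
  '(?<status>\d{3})',
  '(?<bytes>\d+|-)',
  '"(?<referrer>[^"]*)"',
  '"(?<agent>[^"]*)"'
].freeze
LINE_RE = Regexp.new('\A' + FIELDS.join(' ') + '\s*\z')

# Hypothetical helper: parse the outer JSON, then the inner access-log line.
def parse_record(raw_json)
  record = JSON.parse(raw_json)
  match = LINE_RE.match(record['log'].to_s)
  unless match
    # Keep the raw line and flag it, in the role grok_failure_key plays above,
    # so unparsed events stay visible instead of losing their content.
    record['grokfailure'] = 'no pattern matched'
    return record
  end
  record.merge!(match.named_captures)            # like reserve_data true
  record['status'] = record['status'].to_i       # numeric for range queries
  %w[log stream].each { |k| record.delete(k) }   # like remove_keys log,stream
  record
end

puts JSON.pretty_generate(parse_record(SAMPLE))
```

Lines that do not match, such as stack traces written to the same stream, keep their `log` key and gain `grokfailure`, which gives a field to alert on when the log format changes.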
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | S Mohan |