fangli / fluent-plugin-influxdb

A buffered output plugin for fluentd and InfluxDB
MIT License

Measurement configuration #66

Closed tevjef closed 7 years ago

tevjef commented 7 years ago

Is there a way to choose or override the default measurement/series name? Currently it defaults to the fluentd tag, which is not ideal in some configurations.

repeatedly commented 7 years ago

What does 'measurement name' mean?

tevjef commented 7 years ago

It seems like it is called "series" in the InfluxDB ruby library. Other InfluxDB libraries I've used (Go, Java, Javascript) call it the "measurement". An issue was raised in the library repo for this naming issue.

Here is the value I'd like to be customizable: https://github.com/fangli/fluent-plugin-influxdb/blob/master/lib/fluent/plugin/out_influxdb.rb#L143

irom77 commented 7 years ago

I probably have a similar question. I got this plugin writing syslog to InfluxDB, but I don't like the whole 'message' as an InfluxDB tag, like below:

> select * from "syslog.local0.err" limit 1
name: syslog.local0.err
-----------------------
time                    host                            ident   message
1484667052000000000     MR-DC.com  1       30:52,001901000999,THREAT,vulnerability,1,2016/01/17 15:30:52,10.3.2.7,155.19.1.6,20.16.12.5,15.19.9.9,to INTERNET,wm\clustersqlservice,,ssh,vsys1,db_backups,isp2,ae1.22,ae3.32,LF-kibana,2016/01/17 15:30:52,67393685,1,49426,22,62473,22,0x80404000,tcp,alert,"",SSH User Authentication Brute Force Attempt(40015),any,high,client-to-server,7899681,0x0,10.0.0.0-10.255.255.255,US,0,,1490491961841411253,,,0,,,,,,,,0,38,0,0,0,PROD,MR-DC,

What I want is to use format csv (see the commented lines below) and get field1, 2, 3 in InfluxDB, but once I try to uncomment it I don't receive anything in InfluxDB.

<source>
  @type syslog       
  bind 0.0.0.0      
  port 11514            
  tag syslog #syslog.local0.err local0.crit 
  #format csv
  #keys field1, field2, field3
</source>

repeatedly commented 7 years ago

Is a measurement parameter enough? Configuration example:

<match app.**>
  @type influxdb
  measurement foo # use foo instead of tag
</match>

I will implement this parameter soon.

tevjef commented 7 years ago

That would be perfect!

repeatedly commented 7 years ago

Added and released v0.3.2. Try it!

tevjef commented 7 years ago

Thanks! It works perfectly.
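
The two requests in this thread (a measurement name that overrides the fluentd tag, and a comma-separated syslog message stored as separate values instead of one large tag) can be seen together in an InfluxDB line-protocol sketch. This is an added example, not code from fluent-plugin-influxdb or from any commenter; the helper names, the sample message and the host value are assumptions constructed for illustration.

```ruby
# Added example; helper names are hypothetical, not the plugin's API.

# Line protocol: measurement names escape "," and " ";
# tag keys, tag values and field keys also escape "=".
def esc_measurement(s)
  s.to_s.gsub(/[, ]/) { |c| "\\#{c}" }
end

def esc_key(s)
  s.to_s.gsub(/[,= ]/) { |c| "\\#{c}" }
end

# String field values are double-quoted, with '"' and '\' backslash-escaped.
def field_value(v)
  return "#{v}i" if v.is_a?(Integer)
  return v.to_s if v.is_a?(Float)
  escaped = v.to_s.gsub(/["\\]/) { |c| "\\#{c}" }
  "\"#{escaped}\""
end

# Map a comma-separated message onto named keys (field1, field2, ...).
# Assumes no quoted commas inside values; empty or missing columns are dropped.
def split_message(message, keys)
  keys.zip(message.split(",", -1)).to_h.reject { |_, v| v.nil? || v.empty? }
end

# Build one point. `measurement` overrides the fluentd tag as the series name;
# nil falls back to the tag. Only keys in tag_keys become InfluxDB tags.
def to_line(tag:, time_ns:, record:, tag_keys:, measurement: nil)
  name = measurement || tag
  tags, fields = record.partition { |k, _| tag_keys.include?(k) }
  raise ArgumentError, "a point needs at least one field" if fields.empty?
  tag_part = tags.sort.map { |k, v| ",#{esc_key(k)}=#{esc_key(v)}" }.join
  field_part = fields.map { |k, v| "#{esc_key(k)}=#{field_value(v)}" }.join(",")
  "#{esc_measurement(name)}#{tag_part} #{field_part} #{time_ns}"
end

# Constructed sample input (not taken from a real device).
MESSAGE = 'THREAT,ssh,alert,SSH "brute force" attempt'
RECORD = { "host" => "fw01" }.merge(split_message(MESSAGE, %w[field1 field2 field3 field4]))
ARGS = { tag: "syslog.local0.err", time_ns: 1484667052000000000,
         record: RECORD, tag_keys: %w[host field1] }

puts to_line(**ARGS)                           # series named after the tag
puts to_line(**ARGS, measurement: "fw threat") # series name overridden
```

Keeping free-text columns as fields rather than tags avoids creating a new series for every distinct message.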