search

fluent-plugins-nursery / fluent-plugin-systemd

This is a fluentd input plugin. It reads logs from the systemd journal.
Apache License 2.0
153 stars 43 forks source link

no patterns matched tag #1

Closed yifan-gu closed 8 years ago

yifan-gu commented 8 years ago

Hello, I am trying to play with journal logs using the plugin, but I saw no patterns matched tag error. I am new to fluentd, not sure if I am missing anything?

My config is:

<source>
  type systemd
  path /run/log/journal
  filters [{ "_SYSTEMD_UNIT": "docker.service" }]
  tag docker
  read_from_head true
</source>
$ fluentd -c /tmp/conf/journal.conf 
2016-02-25 20:01:49 +0000 [info]: reading config file path="/tmp/conf/journal.conf"
2016-02-25 20:01:49 +0000 [info]: starting fluentd-0.12.20
2016-02-25 20:01:49 +0000 [info]: gem 'fluent-plugin-systemd' version '0.0.2'
2016-02-25 20:01:49 +0000 [info]: gem 'fluentd' version '0.12.20'
2016-02-25 20:01:49 +0000 [info]: adding source type="systemd"
2016-02-25 20:01:49 +0000 [info]: using configuration file: <ROOT>
  <source>
    type systemd
    path /run/log/journal
    filters [{"_SYSTEMD_UNIT":"docker.service"}]
    tag docker
    read_from_head true
  </source>
</ROOT>
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:49 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:50 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:50 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:50 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:50 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:50 +0000 [warn]: no patterns matched tag="docker"
2016-02-25 20:01:50 +0000 [warn]: no patterns matched tag="docker"

Thank you.

yifan-gu commented 8 years ago

cc @chancez

errm commented 8 years ago

You need to have a match block to send your logs someplace.

The simplest thing you could do is write them to a file, try something like this...

Or take a look at the documentation at http://docs.fluentd.org/articles/output-plugin-overview

<match docker>
  @type file
  path /var/log/fluent/docker.log
  time_slice_format %Y%m%d
  time_slice_wait 10m
  time_format %Y%m%dT%H%M%S%z
  compress gzip
  utc
</match>
yifan-gu commented 8 years ago

@errm Thank you, I will try.

errm commented 8 years ago

Hi @yifan-gu did you have a chance to see if that solved your issue...

yifan-gu commented 8 years ago

@errm Sorry for the late reply. It works. Thank you :)

errm commented 8 years ago

Awesome, good news :) You might also want to check out the container we use for pushing logs on coreos . . . https://github.com/assemblyline/fluentd