search

fluent / fluent-plugin-grok-parser

Fluentd's Grok parser
Other
107 stars 31 forks source link

Using variable as grok pattern #90

Open dudicoco opened 3 years ago

dudicoco commented 3 years ago

Hi all, I want to use a k8s annotation as my grok value, I have tried the following:

    <filter kubernetes.**>
      @type parser
      enable_ruby
      key_name log
      <parse>
        @type grok
        grok_pattern ${record["kubernetes"]["annotations"]["fluentd.grok"]}
      </parse>
    </filter>

Annotation:

fluentd.grok: "%{LOGLEVEL:severity}"

I'm getting the following error:

│ 2020-12-15 16:10:29 +0000 [info]: Expanded the pattern ${record["kubernetes"]["annotations"]["fluentd.regexp"]} into ${record["kubernetes"]["annotations"]["fluentd.regexp"]}                                                                                                                                            │
│ 2020-12-15 16:10:29 +0000 [error]:  error_class=Fluent::ConfigError error="No named captures in 'expression' parameter. The regexp must have at least one named capture"                                                                                                                                                 │
│ 2020-12-15 16:10:29 +0000 [error]: config error file="/fluentd/etc/fluent.conf" error_class=Fluent::ConfigError error="no grok patterns. Check configuration, e.g. typo, configuration syntax, etc"

Can someone please advise? Thanks!