Fluentd Forward

Overview Copied

Fluentd is an open-source application used for unifying log collection and aggregation. Fluentd supports the Fluentd Forward protocol for inbound and outbound routing of events between other Fluentd instances.

The Fluentd Forward plugin provides a collector that supports the inbound Fluentd Forward protocol messages and allows Geneos to receive Fluentd Forward unified logs for visualisation, analysis, and storage.

Compatibility with Fluentd Forward protocol specification Copied

The protocol specifies many options and only some are currently supported. The following section provides an overview of what is currently supported and not supported:

Protocol Supported Not supported
Heartbeat Message UDP heartbeats on the same port as the TCP listener TCP heartbeats
Network Transport Protocol Plain TCP and TLS/SSL
Connection Phases Transport — the server goes directly to this phase and ignores handshakes from the client. Handshake — including associated message exchanges, such as authentication.
Event Modes All MessagePack modes, such as:
  • Message mode
  • Forward mode
  • PackedForward mode
  • CompressedPackedForward mode
JSON payloads
Timestamp EventTime format and Integer format
Acks Acks via the chunk option

Prerequisites Copied

Geneos environment Copied

The latest version of the Fluentd Forward plugin requires Gateway and Netprobe version 6.1.x or higher. The same version must be used for the GSE schema.

The Fluentd Forward plugin binaries are packaged with Netprobe 6.1.x and are stored in the collection_agent folder.

Alternatively, you can download separate binaries for the Fluentd Forward plugin from the ITRS Downloads.

Configure Geneos to deploy the Fluentd Forward plugin Copied

The Fluentd Forward plugin supports Collection Agent publishing into Geneos using dynamic Managed Entities. To set up the Fluentd Forward plugin in Geneos, follow these steps:

  1. Set up your plugin either by:
    • Setting up your collector in the Gateway Setup Editor by adding the following configuration in Managed EntitiesCollectors. For more information, see Collectors in Dynamic Entities.
    • Adding the following configuration in collection-agent.yml file on your local machine where the binaries are stored.
    collectors:
    - type: plugin
        class-name: FluentdForwardCollector
    
        # Required. Port on which to receive TCP (+ TLS/SSL) messages and UDP heartbeats.
        port: 24224
    
        # Acceptor thread pool size (default = 1)
        acceptor-thread-pool-size: 1
    
        # Worker thread pool size (default = 1)
        worker-thread-pool-size: 1
    
        # Optional TLS configuration.
        tls-config:
        # Required when tls-config is configured.
        # Server key - required to enable TLS
        key-file: /path/to/private_key.pem
        # Required when tls-config is configured.
        # Server certificate - required to enable TLS.
        cert-file: /path/to/cert_file.pem
        # Client trust chain - only required for client authentication.
        trust-chain-file: /path/to/trust_chain.pem
    
        # Required. Name of event data key to use as the log event name.
        name-key: ident
    
        # Optional tag mapping.
        # Every batch of messages contains a tag which may be mapped into log events.
        # Values:
        #   - none (default): ignored the tag
        #   - namespace: tag value is appended to the log event namespace
        #   - name: tag value is prepended to the log event name
        #   - dimension: tag value is added as a dimension
        tag-mapping: none
    
        # Optional. Name of event data key to use to extract the log event message.
        # Default is 'message'.
        message-key: message
    
        # Optional. Event data keys to use as dimension keys.
        # The key here is used as the search key in the event data and value (if any)
        # is inserted as a dimension with key mapped as specified.
        dimensions:
        # If event data contains {host=www.myhost.com} then it is mapped to a dimension {host.name=www.myhost.com}.
        host: host.name
        pid: pid.number
    
        # Optional. Event data key and optional mappings to extract severity from the event data.  
        severity-mapping:
        # Event data key to use to extract severity value.
        key: level
        # Optional severity mapping value in case source system uses different values.
        # Supported target values are: [none, trace, debug, info, warn, error, critical]
        values:
            fatal: critical
    
  2. Configure your custom mappings in the Dynamic entities > Mappings setting in the Gateway Setup Editor. For more information, see Mapping and mapping group in Dynamic Entities. Below is an example of a custom mapping for Fluentd Forward.

fluentd-custom-mapping 3. Configure your other Dynamic Entities in the Gateway. See Create Dynamic Entities in Collection Agent setup for a more detailed procedure.

Alternatively, you can use Self-announcing Netprobes to enable dynamic entities. See Self-announcing Netprobe in Collection Agent setup.

Note

To check if there are any errors in the mapping, you can set up the Dynamic Entities Health, or look at the Collection Agent log file in Collection Agent setup.

Example dataview Copied

Below is a sample dataview using the custom mappings above.

fluentd-dataview

To define how items in the Geneos tree structure are generated from the labels of a datapoint, see Geneos items in Dynamic Entities.

["Geneos"] ["Geneos > Netprobe"] ["User Guide"]

Was this topic helpful?