Use Filters with Fluentd

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this lab, you will be tasked with creating a Fluentd configuration file. This configuration will have settings that will read the `/var/log/messages` file. You will add a filter to the configuration that will use the `grep` directive to search the events from the messages file and echo to the Fluentd log those events that contain the searched-for text. You will be provided a server that has Fluentd already installed and working.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create Configuration File

Create a file called /etc/td-agent/filter-grep.conf. In this file, you will create a configuration that reads the contents of the /var/log/messages file and outputs to the Fluentd stdout.

Add a Filter

You will add a filter to the above configuration that uses grep with a `<regexp>` section whose key is `message` and whose pattern is `test`. The output will be directed to the stdout for Fluentd.

Test the Filter Is Working

Start Fluentd via td-agent and use the -c option to include the configuration file you just made.

If you test by sending messages to the /var/log/messages log, you should use the word test as part of the testing.

You should see only output that has test in the string.

The command logger may be used to test sending your message to the log.
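
A configuration that meets the three objectives above, as an added example rather than the lab's own solution file. The tag `messages` and the `pos_file` path are assumptions; the `none` parser is chosen so that each whole log line lands in the `message` key the filter searches.

```conf
# /etc/td-agent/filter-grep.conf
# Added example: tail /var/log/messages, keep only events whose
# "message" field matches /test/, and print them to Fluentd's stdout.

<source>
  @type tail
  path /var/log/messages
  # Assumed location; Fluentd records its read offset here so that
  # a restart resumes where it stopped instead of re-reading the file.
  pos_file /var/log/td-agent/filter-grep.messages.pos
  # Assumed tag; the <filter> and <match> sections below must use the same one.
  tag messages
  <parse>
    # "none" stores the entire line under the key "message".
    @type none
  </parse>
</source>

<filter messages>
  @type grep
  <regexp>
    key message
    # Unanchored and case-sensitive: this also matches "latest" or
    # "contest". Use /\btest\b/ to match the whole word only.
    pattern /test/
  </regexp>
</filter>

<match messages>
  @type stdout
</match>

# Run in the foreground:   td-agent -c /etc/td-agent/filter-grep.conf
# From a second terminal:  logger "this is a test"   (should be printed)
#                          logger "hello world"      (should be dropped)
```

The account running `td-agent` needs read access to `/var/log/messages`; without it the tail source cannot read the file and nothing reaches the filter.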

Additional Resources

You want to show the rest of your team that you can use Fluentd to search for strings in a log file.

You will create a file called /etc/td-agent/filter-grep.conf. In this file, you will create a configuration that reads the contents of the /var/log/messages file and outputs to the Fluentd stdout.

You will also add a filter to the above configuration that uses grep to search the log file. You will set it to search and display events that have the word test inside them.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
