VictoriaMetrics/deployment/docker/victorialogs/fluentbit
Andrii Chubatiuk d5fe4566e5
app/vlinsert: support getting _msg_field, _time_field, _stream_fields and _ignore_fields from headers
*  Many collectors don't support forwarding url query params to the remote system. It makes impossible to define stream fields for it. Workaround with proxy between VictoriaLogs and log shipper is too complicated solution.

* This commit adds the following changes:
 * Adds fallback to to headers params, if query param is empty for:
     _msg_field -> VL-Msg-Field
    _stream_fields -> VL-Stream-Fields
    _ignore_fields -> VL-Ignore-Fields
    _time_field -> VL-Time-Field
 * removes deprecations from victorialogs compose files, added more
output format examples for logstash, telegraf, fluent-bit

 related issue: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5310
2024-09-03 20:24:00 +02:00
..
compose.yml app/vlinsert: support getting _msg_field, _time_field, _stream_fields and _ignore_fields from headers 2024-09-03 20:24:00 +02:00
fluent-bit.conf app/vlinsert: support getting _msg_field, _time_field, _stream_fields and _ignore_fields from headers 2024-09-03 20:24:00 +02:00
README.md app/vlinsert: support getting _msg_field, _time_field, _stream_fields and _ignore_fields from headers 2024-09-03 20:24:00 +02:00

Docker compose Fluentbit integration with VictoriaLogs for docker

The folder contains the example of integration of fluentbit with Victorialogs

To spin-up environment run the following command:

docker compose up -d 

To shut down the docker-compose environment run the following command:

docker compose down
docker compose rm -f

The docker compose file contains the following components:

  • fluentbit - fluentbit is configured to collect logs from the docker, you can find configuration in the fluent-bit.conf. It writes data in VictoriaLogs
  • VictoriaLogs - the log database, it accepts the data from fluentbit by json line protocol

Querying the data

  • vmui - a web UI is accessible by http://localhost:9428/select/vmui
  • for querying the data via command-line please check these docs

the example of fluentbit configuration(filebeat.yml)

[INPUT]
    name              tail
    path              /var/lib/docker/containers/**/*.log
    multiline.parser  docker, cri
    Parser docker
    Docker_Mode  On

[INPUT]
    Name     syslog
    Listen   0.0.0.0
    Port     5140
    Parser   syslog-rfc3164
    Mode     tcp

[SERVICE]
    Flush        1
    Parsers_File parsers.conf

[Output]
    Name http
    Match *
    host victorialogs
    port 9428
    compress gzip
    uri /insert/jsonline?_stream_fields=stream&_msg_field=log&_time_field=date
    format json_lines
    json_date_format iso8601
    header AccountID 0
    header ProjectID 0

Please, note that _stream_fields parameter must follow recommended best practices to achieve better performance.