You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Windows 2016
FB version 2.0.9
NR output plugin v1.14.2
It appears that the output plugin does not accept logs that have been parsed with Time_Format.
I have logs (logs from Fluent Bit itself, actually) and have created a parser for them. However if I use Time_Format the logs do not appear in NR. If I comment out the Time_Format parameter, logs appear.
[PARSER]
# https://rubular.com/r/Ia6N216DDOpL30
Name fblog
Format regex
Regex ^\[(?<time>[^ ]* [^ ]*)\] \[(?<level>[^\]]*)\] \[(?<process>.*?)\] (?<message>[^\]].*)\]?$
Time_Key time
Time_Keep On
Time_Offset -0600
Time_Format %Y/%m/%d%t%T
[INPUT]
Name tail
Tag log.fb
Path C:\Users\Admin\Documents\fluentbit.log
Refresh_Interval 1
Parser fblog
DB C:\Program Files\fluent-bit\bin\fblog.sqlite
To ensure that the parser was actually working I added an [OUTPUT] block to send the parsed logs to a file:
[OUTPUT]
Name file
Match *
Path C:\Users\Admin\Documents\
File fblog_after_parse.log
Format template
Template {time} Log level: {level} Process: {process} Message: {message}
This worked fine:
1682835222.529526 Log level: debug Process: task Message: created task=0000028179C75510 id=0 OK
1682835222.529534 Log level: debug Process: output:file:file.1 Message: task_id=0 assigned to thread #0
1682835222.529542 Log level: debug Process: out flush Message: cb_destroy coro_id=58
1682835222.529550 Log level: debug Process: out flush Message: cb_destroy coro_id=58
1682835222.529566 Log level: debug Process: task Message: destroy task=0000028179C75510 (task_id=0)
1682835222.529575 Log level: debug Process: input:tail:tail.0 Message: 0 new files found on path 'C:\Users\Admin\Documents\fluentbit.log'
1682835222.793225 Log level: debug Process: input chunk Message: update output instances with new chunk size diff=1059
1682835223.028694 Log level: debug Process: input chunk Message: update output instances with new chunk size diff=167
There are no errors in from FB's own error log and the parsed logs go to a file output just fine, but there are no NrIntegrationErrors either so I don't think the output plugin is even sending them at all.
The text was updated successfully, but these errors were encountered:
Windows 2016
FB version 2.0.9
NR output plugin v1.14.2
It appears that the output plugin does not accept logs that have been parsed with Time_Format.
I have logs (logs from Fluent Bit itself, actually) and have created a parser for them. However if I use Time_Format the logs do not appear in NR. If I comment out the Time_Format parameter, logs appear.
To ensure that the parser was actually working I added an [OUTPUT] block to send the parsed logs to a file:
This worked fine:
There are no errors in from FB's own error log and the parsed logs go to a file output just fine, but there are no
NrIntegrationErrors either so I don't think the output plugin is even sending them at all.The text was updated successfully, but these errors were encountered: