Systemd

The Systemd input plugin allows to collect log messages from the Journald daemon on Linux environments.

Configuration Parameters

The plugin supports the following configuration parameters:

Key Description Default
Path Optional path to the Systemd journal directory, if not set, the plugin will use default paths to read local-only logs.
Max_Fields Set a maximum number of fields (keys) allowed per record. 8000
Max_Entries When Fluent Bit starts, the Journal might have a high number of logs in the queue. In order to avoid delays and reduce memory usage, this option allows to specify the maximum number of log entries that can be processed per round. Once the limit is reached, Fluent Bit will continue processing the remaining log entries once Journald performs the notification. 5000
Systemd_Filter allows to perform a query over logs that contains a specific Journald key/value pairs, e.g: _SYSTEMD_UNIT=UNIT. The Systemd_Filter option can be specified multiple times in the input section to apply multiple filters as required.
Tag The tag is used to route messages but on Systemd plugin there is an extra functionality: if the tag includes a star/wildcard, it will be expanded with the Systemd Unit file (e.g: host.* => host.UNIT_NAME).
DB Specify the absolute path of a database file to keep track of Journald cursor.
Read_From_Tail Start reading new entries. Skip entries already stored in Journald. false
Strip_Underscores Delete underscores at the start of field name. This is useful when logs are further forwarded into elasticsearch, where fields with leading underscore are reserved for internal use. false

Getting Started

In order to receive Systemd messages, you can run the plugin from the command line or through the configuration file:

Command Line

From the command line you can let Fluent Bit listen for Systemd messages with the following options:

  1. $ fluent-bit -i systemd \
  2.              -p systemd_filter=_SYSTEMD_UNIT=docker.service \
  3.              -p tag='host.*' -o stdout

In the example above we are collecting all messages coming from the Docker service.

Configuration File

In your main configuration file append the following Input & Output sections:

  1. [SERVICE]
  2.     Flush        1
  3.     Log_Level    info
  4.     Parsers_File parsers.conf
  6. [INPUT]
  7.     Name            systemd
  8.     Tag             host.*
  9.     Systemd_Filter  _SYSTEMD_UNIT=docker.service
  11. [OUTPUT]
  12.     Name   stdout
  13.     Match  *