Skip to content
This repository was archived by the owner on Mar 21, 2020. It is now read-only.

Removed missing parameters #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Removed missing parameters #15

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 0 additions & 44 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,16 +22,6 @@ This plugin interfaces with the Splunk HTTP Event Collector:
check_index false
source {TAG}
sourcetype fluent

# TIMESTAMP: key1="value1" key2="value2" ...
time_format unixtime
format kvp

# Memory buffer with a short flush internal.
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These parameters are actually quite valid, as this plugin is a buffered output plugin so these parameters configure the buffering.
http://docs.fluentd.org/v0.12/articles/buffer-plugin-overview
http://docs.fluentd.org/v0.12/articles/output-plugin-overview

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I add format - in debug it says that it is never used

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was specifically referencing the buffer parameters, that's why I placed my comment on L30

buffer_type memory
buffer_queue_limit 16
buffer_chunk_limit 8m
flush_interval 2s
</match>

## Installation
Expand Down Expand Up @@ -99,31 +89,6 @@ Put the following lines to your fluent.conf:
# default: fluent
sourcetype fluent

#
# Formatting Parameters
#

# time_format: the time format of each event
# value: none, unixtime, localtime, or any time format string
# default: localtime
time_format localtime

# format: the text format of each event
# value: json, kvp, or text
# default: json
#
# input = {"x":1, "y":"xyz", "message":"Hello, world!"}
#
# 'json' is JSON encoding:
# {"x":1,"y":"xyz","message":"Hello, world!"}
#
# 'kvp' is "key=value" pairs, which is automatically detected as fields by Splunk:
# x="1" y="xyz" message="Hello, world!"
#
# 'text' outputs the value of "message" as is, with "key=value" pairs for others:
# [x="1" y="xyz"] Hello, world!
format json

#
# Buffering Parameters
#
Expand Down Expand Up @@ -169,32 +134,23 @@ Put the following lines to your fluent.conf:
# fluent logs in text format
<match fluent.*>
type splunk-http-eventcollector
protocol rest
server splunk.example.com:8089
auth admin:pass
sourcetype fluentd
format text
</match>

# log files in text format without timestamp
<match *.log>
type splunk-http-eventcollector
protocol rest
server splunk.example.com:8089
auth admin:pass
sourcetype log
time_format none
format text
</match>

# application logs in kvp format
<match app.**>
type splunk-http-eventcollector
protocol rest
server splunk.example.com:8089
auth admin:pass
sourcetype app
format kvp
</match>

## Contributing
Expand Down