-
Notifications
You must be signed in to change notification settings - Fork 1
/
fluent-bit-filters.conf
90 lines (79 loc) · 1.78 KB
/
fluent-bit-filters.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
[FILTER]
Name modify
Match *
Add _ecs_version 1.4.0
Add _agent_type fluent-bit
# Observer
[FILTER]
Name modify
Match *
Add _observer_hostname ${observer_hostname}
Add _observer_type ${observer_type}
Add _observer_product ${observer_product}
Add _observer_version ${observer_version}
# Event
[FILTER]
Name modify
Match ${observer_product}.*
Add _event_module ${observer_product}
# Labels
[FILTER]
Name modify
Match *
Add _labels_pipeline ${labels_pipeline}
Add _labels_env ${labels_env}
# Telemetry
[FILTER]
Name lua
Match *
Script telemetry.lua
Call set_event_created
@INCLUDE fluent-bit-filters-bro.conf
# ECS: Nest JSON objects to comply with ECS notation: ECS
[FILTER]
Name nest
Match *
Operation nest
Wildcard _ecs_*
Nest_under ecs
Remove_prefix _ecs_
# ECS: Nest JSON objects to comply with ECS notation: AGENT
[FILTER]
Name nest
Match *
Operation nest
Wildcard _agent_*
Nest_under agent
Remove_prefix _agent_
# ECS: Nest JSON objects to comply with ECS notation: EVENT
[FILTER]
Name nest
Match *
Operation nest
Wildcard _event_*
Nest_under event
Remove_prefix _event_
# ECS: Nest JSON objects to comply with ECS notation: OBSERVER
[FILTER]
Name nest
Match *
Operation nest
Wildcard _observer_*
Nest_under observer
Remove_prefix _observer_
# ECS: Nest JSON objects to comply with ECS notation: LABELS
[FILTER]
Name nest
Match *
Operation nest
Wildcard _labels_*
Nest_under labels
Remove_prefix _labels_
# ECS: Nest JSON objects to comply with ECS notation: LOG
[FILTER]
Name nest
Match *
Operation nest
Wildcard _log_*
Nest_under log
Remove_prefix _log_