# fluentd Log 去哪兒 ``` <system> dir_permission 0777 </system> <source> @type tail path /alloc/logs/app.log pos_file /alloc/logs/kkbox.web-docsearch.application.pos tag kkbox.web-docsearch.application read_from_head true <parse> @type json time_key time time_format %Y-%m-%dT%H:%M:%S.%LZ </parse> </source> <source> @type tail path /alloc/logs/usage.log pos_file /alloc/logs/kkbox.web-docsearch.application.usage.pos tag kkbox.web-docsearch.application.usage read_from_head true <parse> @type json time_key time time_format %Y-%m-%dT%H:%M:%S.%LZ </parse> </source> <source> @type tail read_from_head true tag kkbox.web-docsearch.gunicorn.access path /alloc/logs/gunicorn-access.log pos_file /alloc/logs/kkbox.web-docsearch.gunicorn.access.pos <parse> @type regexp expression /^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: (?<time_taken>[^ ]*))?(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$/ time_format %d/%b/%Y:%H:%M:%S %z types code:integer, size:integer, time_taken:integer null_value_pattern ^(-)$ </parse> </source> <source> @type tail read_from_head true tag kkbox.web-docsearch.gunicorn.error path /alloc/logs/gunicorn-error.log pos_file /alloc/logs/kkbox.web-docsearch.gunicorn.error.pos <parse> @type multiline format_firstline /^\[[^\]]*\]/ format1 /^\[(?<time>[^\]]*)\](?: \[(?<pid>[^\]]*)\])? \[(?<level>[^\]]*)\] (?<message>.*)$/ time_format %Y-%m-%d %H:%M:%S %z </parse> </source> <filter **> @type record_transformer <record> hostname {{ env "NOMAD_ALLOC_ID" }} </record> </filter> <match **> @type forward expire_dns_cache 60 dns_round_robin true <buffer> @type file path /alloc/buffer/forward-aggregator chunk_limit_size 1m total_limit_size 10g chunk_full_threshold 0.9 flush_thread_count 8 flush_at_shutdown true </buffer> <server> host fluentd-docsearch.service.sanchong.consul port 24224 </server> </match> ``` - source：parser 作用，設定 log 格式 - match：router 作用，設定 log 去哪裡 - filter：功能比較多，可以過濾欄位，或是改變欄位內容 - buffer：預防塞車