API tools faq
paste
Guest User

Untitled

a guest
Jul 16th, 2018
74
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.00 KB | None | 0 0
raw download clone embed print report
  1. <source>
  2. @type tail
  3. # audit log path of kube-apiserver
  4. path /tmp/kube-apiserver-audit.log
  5. pos_file /tmp/audit.pos
  6. format json
  7. time_key time
  8. time_format %Y-%m-%dT%H:%M:%S.%N%z
  9. tag audit
  10. </source>
  11.  
  12. <filter audit>
  13. #https://github.com/fluent/fluent-plugin-rewrite-tag-filter/issues/13
  14. type record_transformer
  15. enable_ruby
  16. <record>
  17. namespace ${record["objectRef"].nil?"none":(record["objectRef"]["namespace"].nil? "none":record["objectRef"]["namespace"])}
  18. </record>
  19. </filter>
  20.  
  21. <match audit>
  22. # route audit according to namespace element in context
  23. @type rewrite_tag_filter
  24. rewriterule1 namespace ^(.+) ${tag}.$1
  25. </match>
  26.  
  27. <filter audit.**>
  28. @type record_transformer
  29. remove_keys namespace
  30. </filter>
  31.  
  32. <match audit.**>
  33. @type forest
  34. subtype file
  35. remove_prefix audit
  36. <template>
  37. time_slice_format %Y%m%d%H
  38. compress gz
  39. path /tmp/audit-${tag}.*.log
  40. format json
  41. include_time_key true
  42. </template>
  43. </match>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!