# This configuration file for Fluentd / td-agent is used
# to watch changes to Docker log files that live in the
# directory /var/lib/docker/containers/ which are then submitted to
# Elasticsearch (running on the machine %ES_HOST%:9200) which
# assumes the installation of the fluentd-elasticsearch plug-in.
# See https://github.com/uken/fluent-plugin-elasticsearch for
# more information about the plug-in. This file needs to be
# patched to replace ES_HOST with the name of the actual
# machine running Elasticsearch.
# Maintainer: Satnam Singh (satnam@google.com)
#
# Exampe
# ======
# A line in the Docker log file might like like this JSON:
#
# {"log":"2014/09/25 21:15:03 Got request with path wombat\n",
#  "stream":"stderr",
#   "time":"2014-09-25T21:15:03.499185026Z"}
#
# The time_format specification below makes sure we properly
# parse the time format produced by Docker. This will be
# submitted to Elasticsearch and should appear like:
# $ curl 'http://elasticsearch:9200/_search?pretty'
# ...
# {
#      "_index" : "logstash-2014.09.25",
#      "_type" : "fluentd",
#      "_id" : "VBrbor2QTuGpsQyTCdfzqA",
#      "_score" : 1.0,
#      "_source":{"log":"2014/09/25 22:45:50 Got request with path wombat\n",
#                 "stream":"stderr","tag":"docker.container.all",
#                 "@timestamp":"2014-09-25T22:45:50+00:00"}
#    },
# ...

<source>
  type tail
  format json
  time_key time
  path /var/lib/docker/containers/*/*-json.log
  pos_file /var/lib/docker/containers/es-containers.log.pos
  time_format %Y-%m-%dT%H:%M:%S
  tag docker.*
  read_from_head true
</source>

<match docker.**>
   type elasticsearch
   log_level info
   include_tag_key true
   host elasticsearch-logging.default
   port 9200
   logstash_format true
   flush_interval 5s
   # Never wait longer than 5 minutes between retries.
   max_retry_wait 300
   # Disable the limit on the number of retries (retry forever).
   disable_retry_limit
</match>

<source>
  type tail
  format none
  path /varlog/kubelet.log
  pos_file /varlog/es-kubelet.log.pos
  tag kubelet
</source>

<match kubelet>
   type elasticsearch
   log_level info
   include_tag_key true
   host elasticsearch-logging.default
   port 9200
   logstash_format true
   flush_interval 5s
   # Never wait longer than 5 minutes between retries.
   max_retry_wait 300
   # Disable the limit on the number of retries (retry forever).
   disable_retry_limit
</match>