fluent.conf

########## input ##########
## system log from systemd
<source>
  @type systemd
  tag dtdream.system.systemd
  path /fluentd/log/journal
  filters [{ "_SYSTEMD_UNIT": "docker.service" }, { "_SYSTEMD_UNIT": "kube-proxy.service" }, { "_SYSTEMD_UNIT": "kubelet.service" }, { "_SYSTEMD_UNIT": "flanneld.service" }]
  read_from_head true
  <storage>
    @type local
    persistent true
    path /fluentd/log/journal/log.pos
  </storage>
  <entry>
   field_map {"MESSAGE": "message", "_HOSTNAME": "host_name", "_SYSTEMD_UNIT": "service_name"}
   fields_strip_underscores true
   fields_lowercase true
  </entry>
</source>

## system container log from /var/log/containers/*.log
<source>
  @type tail
  path /fluentd/log/containers/*.log
  pos_file /fluentd/log/containers/log.pos
  read_from_head true
  refresh_interval 5
  tag dtdream.system.containers.*
  format none
</source>


### app log from log-driver syslog
<source>
  @type syslog
  tag dtdream.app
  protocol_type udp
  port 24224
  format /^(?<logtime>[^\]]*) (?<host>[^\]]*) (docker/k8s_)(?<containername>[^.]*)([^_]*)_(?<podname>[^_]*)_(?<namespace>[^_]*)([\s\S]*)\]:(?<message>[\s\S]*)$/ 
  time_format %Y-%m-%dT%H:%M:%SZ 
</source>

## app log filter
<filter dtdream.app.**>
  @type record_transformer
  <record>
    tag ${tag}
  </record>
</filter>

## system log filter
<filter dtdream.system.containers.**>
  @type record_transformer
  <record>
    service_name ${tag_parts[6]}
	host_name "#{Socket.gethostname}"
    log_time ${time}
  </record>
</filter>
<filter dtdream.system.systemd>
  @type record_transformer
  <record>
    log_time ${time}
  </record>
</filter>

########## output ##########
## app log output to redis
<match dtdream.app.**>
  @type redis_store

  host 127.0.0.1
  port 6379
  db 0
  timeout 5.0
  
  key log_fluentd_redis_app
  store_type list
</match>

## system log output to redis
<match dtdream.system.**>
  @type redis_store

  host 127.0.0.1
  port 6379
  db 0
  timeout 5.0
  
  key log_fluentd_redis_system
  store_type list
</match>