CheckList
The CheckList plugin (introduced in version 1.8.4) looks up a value in a specified list to see if it exists. The plugin then allows the addition of a record to indicate if the value was found.
Configuration parameters
The plugin supports the following configuration parameters
file
The single value file that Fluent Bit will use as a lookup table to determine if the specified lookup_key
exists.
none
lookup_key
none
record
The record to add if the lookup_key
is found in the specified file
. You can add multiple record parameters.
none
mode
Set the check mode. exact
and partial
are supported.
exact
print_query_time
Print to stdout the elapsed query time for every matched record.
false
ignore_case
Compare strings by ignoring case.
false
Example configuration
The following configuration reads a file test1.log
that includes the following values:
Additionally, it uses the following lookup file which contains a list of malicious IP addresses (ip_list.txt
).
The configuration uses $remote_addr
as the lookup key, and 7.7.7.7
is malicious. The record output for the last record would look like the following:
Last updated
Was this helpful?