LogDNA
LogDNA is an intuitive cloud-based log management system that provides an easy interface to query your logs once they are stored.
The Fluent Bit logdna output plugin allows you to send your logs or events to a LogDNA compliant service like:
Before getting started with the plugin configuration, make sure to obtain the proper account to get access to the service. You can start with a free trial in the following link:

Configuration Parameters

| Key | Description | Default |
| --- | --- | --- |
| logdna_host | LogDNA API host address | logs.logdna.com |
| logdna_port | LogDNA TCP Port | 443 |
| api_key | API key to get access to the service. This property is mandatory. | |
| hostname | Name of the local machine or device where Fluent Bit is running. When this value is not set, Fluent Bit looks up the hostname and auto-populates the value. If it cannot be found, an unknown value will be set instead. | |
| mac | MAC address. This value is optional. | |
| ip | IP address of the local hostname. This value is optional. | |
| tags | A list of comma-separated strings to group records in LogDNA and simplify the query with filters. | |
| file | Optional name of a file being monitored. Note that this value is only set if the record does not contain a reference to it. | |
| app | Name of the application. This value is auto-discovered on each record; if not found, the default value is used. | Fluent Bit |

Auto Enrichment & Data Discovery

One of the features of the Fluent Bit + LogDNA integration is the ability to auto-enrich each record with further context.
When the plugin processes each record (or log), it looks for specific key names that might contain context for the record in question. The following table describes the keys and the discovery logic:

| Key | Description |
| --- | --- |
| level | If the record contains a key called level or severity, the context level key is populated with that value. If not found, the context key is not set. |
| file | If the record contains a key called file, the context file is populated with the value found; otherwise, if the plugin configuration provides a file property, that value is used instead (see table above). |
| app | If the record contains a key called app, the context app is populated with the value found; otherwise the value set for app in the configuration property is used (see table above). |
| meta | If the record contains a key called meta, the context meta is populated with the value found. |
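
The discovery rules in the table above, modelled in Python as an added example (this is not the plugin's own code). The function name, the constructed sample records, and the choice to check level before severity when both are present are assumptions; the dummy record is the one used in the Getting Started configuration on this page.

```python
# Added illustration: a Python model of the documented discovery rules.
# It is not the Fluent Bit plugin's source code.

def discover_context(record, config=None):
    """Return the context keys derived from one record.

    `config` holds the optional `file` and `app` output properties.
    """
    config = config or {}
    context = {}

    # level: taken from `level` or `severity`; left unset when neither exists.
    # Assumption: `level` is checked first when both keys are present.
    for key in ("level", "severity"):
        if key in record:
            context["level"] = record[key]
            break

    # file: the record's value wins; the configured `file` is only a fallback.
    if "file" in record:
        context["file"] = record["file"]
    elif "file" in config:
        context["file"] = config["file"]

    # app: the record's value wins; otherwise the configured value, whose
    # documented default is "Fluent Bit".
    context["app"] = record.get("app", config.get("app", "Fluent Bit"))

    # meta: copied only when the record carries it.
    if "meta" in record:
        context["meta"] = record["meta"]

    return context


# The dummy record from the Getting Started configuration on this page.
DUMMY = {"log": "a simple log message", "severity": "INFO",
         "meta": {"s1": 12345, "s2": True}, "app": "Fluent Bit"}

# Constructed record: no discovery keys; the output sets file and app.
PLAIN = {"log": "disk check finished"}
PLAIN_CONFIG = {"file": "/var/log/disk.log", "app": "disk-check"}

# Constructed record: carries its own app, file and level.
OVERRIDE = {"log": "x", "app": "billing", "file": "/tmp/other.log", "level": "warn"}

if __name__ == "__main__":
    for rec, cfg in ((DUMMY, {}), (PLAIN, PLAIN_CONFIG), (OVERRIDE, PLAIN_CONFIG)):
        print(discover_context(rec, cfg))
```

Because a value found in the record takes precedence over the configured file and app, those two fields in LogDNA reflect whatever the log producer wrote, not only what the output section declares.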

Getting Started

The following configuration example will emit a dummy example record and ingest it into LogDNA. Copy and paste the following content into a file called logdna.conf:

    [SERVICE]
        flush     1
        log_level info

    [INPUT]
        name      dummy
        dummy     {"log":"a simple log message", "severity": "INFO", "meta": {"s1": 12345, "s2": true}, "app": "Fluent Bit"}
        samples   1

    [OUTPUT]
        name      logdna
        match     *
        api_key   YOUR_API_KEY_HERE
        hostname  my-hostname
        ip        192.168.1.2
        mac       aa:bb:cc:dd:ee:ff
        tags      aa, bb

Run Fluent Bit with the new configuration file:

    $ fluent-bit -c logdna.conf

Fluent Bit output:

    Fluent Bit v1.5.0
    * Copyright (C) 2019-2020 The Fluent Bit Authors
    * Copyright (C) 2015-2018 Treasure Data
    * Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
    * https://fluentbit.io

    [2020/04/07 17:44:37] [ info] [storage] version=1.0.3, initializing...
    [2020/04/07 17:44:37] [ info] [storage] in-memory
    [2020/04/07 17:44:37] [ info] [storage] normal synchronization mode, checksum disabled, max_chunks_up=128
    [2020/04/07 17:44:37] [ info] [engine] started (pid=2157706)
    [2020/04/07 17:44:37] [ info] [output:logdna:logdna.0] configured, hostname=monox-fluent-bit-2
    [2020/04/07 17:44:37] [ info] [sp] stream processor started
    [2020/04/07 17:44:38] [ info] [output:logdna:logdna.0] logs.logdna.com:443, HTTP status=200
    {"status":"ok","batchID":"f95849a8-ec6c-4775-9d52-30763604df9b:40710:ld72"}

Your record will be available and visible in your LogDNA dashboard after a few seconds.

Query your Data in LogDNA

In your LogDNA dashboard, go to the top filters and select the tags aa and bb; your records will then appear as in the example below: