I have the following fluent.conf
<source>
type forward
</source>
<source>
type monitor_agent
port 24220
</source>
# Listen DRb for debug
<source>
type debug_agent
port 24230
</source>
<source>
type tail
path /var/data/www/apps/app/logs/*.log
pos_file /tmp/fluent.nginx.pos
format syslog
tag app.nginx-access
# Regex fields
format /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)"$/
# Date and time format
time_format %d/%b/%Y:%H:%M:%S %z
</source>
<match app.**>
type copy
<store>
type file
path /var/log/fluent/app
</store>
</match>
Is it necessary to use Logrotate @ /var/log/fluent/app/* or will Fluent handle this itself?
Best Answer
Fluentd's out_file plugin automatically partitions the output files by day, so you do NOT need to use logrotate.
If you want to partition by different granularity, change the "time_slice_format" parameter (by default, it is %Y%m%d).
However, this means there is no current, canonical name for the output file. For that, you can use the parameter "symlink_path" with "buffer_type file". This is not the feature of out_file per se, but any buffered output.