## `journald_input` operator

The `journald_input` operator reads logs from the systemd journal using the `journalctl` binary, which must be in the `$PATH` of the agent.

By default, `journalctl` will read from `/run/journal` or `/var/log/journal`. If either `directory` or `files` is set, `journalctl` will instead read from those.

The `journald_input` operator will use the `__REALTIME_TIMESTAMP` field of the journald entry as the parsed entry's timestamp. All other fields are added to the entry's record as returned by `journalctl`.

### Configuration Fields

| Field | Default | Description |
| --- | --- | --- |
| `id` | `journald_input` | A unique identifier for the operator |
| `output` | Next in pipeline | The connected operator(s) that will receive all outbound entries |
| `directory` | | A directory containing journal files to read entries from |
| `files` | | A list of journal files to read entries from |
| `write_to` | $ | The record [field](/docs/types/field.md) written to when creating a new log entry |
| `start_at` | `end` | At startup, where to start reading logs from the file. Options are `beginning` or `end` |
| `labels` | {} | A map of `key: value` labels to add to the entry's labels |
| `resource` | {} | A map of `key: value` labels to add to the entry's resource |

### Example Configurations

#### Simple journald input

Configuration:
```yaml
- type: journald_input
```

Output entry sample:
```json
"entry": {
  "timestamp": "2020-04-16T11:05:49.516168-04:00",
  "record": {
    "CODE_FILE": "../src/core/unit.c",
    "CODE_FUNC": "unit_log_success",
    "CODE_LINE": "5487",
    "MESSAGE": "var-lib-docker-overlay2-bff8130ef3f66eeb81ce2102f1ac34cfa7a10fcbd1b8ae27c6c5a1543f64ddb7-merged.mount: Succeeded.",
    "MESSAGE_ID": "7ad2d189f7e94e70a38c781354912448",
    "PRIORITY": "6",
    "SYSLOG_FACILITY": "3",
    "SYSLOG_IDENTIFIER": "systemd",
    "USER_INVOCATION_ID": "de9283b4fd634213a50f5abe71b4d951",
    "USER_UNIT": "var-lib-docker-overlay2-bff8130ef3f66eeb81ce2102f1ac34cfa7a10fcbd1b8ae27c6c5a1543f64ddb7-merged.mount",
    "_AUDIT_LOGINUID": "1000",
    "_AUDIT_SESSION": "299",
    "_BOOT_ID": "c4fa36de06824d21835c05ff80c54468",
    "_CAP_EFFECTIVE": "0",
    "_CMDLINE": "/lib/systemd/systemd --user",
    "_COMM": "systemd",
    "_EXE": "/usr/lib/systemd/systemd",
    "_GID": "1000",
    "_HOSTNAME": "testhost",
    "_MACHINE_ID": "d777d00e7caf45fbadedceba3975520d",
    "_PID": "18667",
    "_SELINUX_CONTEXT": "unconfined\n",
    "_SOURCE_REALTIME_TIMESTAMP": "1587049549515868",
    "_SYSTEMD_CGROUP": "/user.slice/user-1000.slice/user@1000.service/init.scope",
    "_SYSTEMD_INVOCATION_ID": "da8b20bdc65e4f6f9ca35d6352199b56",
    "_SYSTEMD_OWNER_UID": "1000",
    "_SYSTEMD_SLICE": "user-1000.slice",
    "_SYSTEMD_UNIT": "user@1000.service",
    "_SYSTEMD_USER_SLICE": "-.slice",
    "_SYSTEMD_USER_UNIT": "init.scope",
    "_TRANSPORT": "journal",
    "_UID": "1000",
    "__CURSOR": "s=b1e713b587ae4001a9ca482c4b12c005;i=1efec9;b=c4fa36de06824d21835c05ff80c54468;m=a001b7ec5a;t=5a369c4a3cd88;x=f9717e0b5608807b",
    "__MONOTONIC_TIMESTAMP": "687223598170"
  }
}
```