# Example:
# 2015-12-21 23:17:22,066 [salt.state       ][INFO    ] Completed state [net.ipv4.ip_forward] at time 23:17:22.066081
<source>
  @type tail
  format /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/
  time_format %Y-%m-%d %H:%M:%S
  path /mnt/log/salt/minion
  exclude_path "#{ENV['EXCLUDE_PATH']}"
  pos_file /mnt/pos/ggcp-salt.pos
  tag salt
  enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
</source>

<filter salt.**>
  @type kubernetes_sumologic
  source_category salt
  source_name k8s_salt
  source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
  add_stream "#{ENV['ADD_STREAM']}"
  add_time "#{ENV['ADD_TIME']}"
  exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
</filter>


# Example:
# Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
<source>
  @type tail
  format syslog
  path /mnt/log/startupscript.log
  exclude_path "#{ENV['EXCLUDE_PATH']}"
  pos_file /mnt/pos/ggcp-startupscript.log.pos
  tag startupscript
  enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
</source>

<filter startupscript.**>
  @type kubernetes_sumologic
  source_category startupscript
  source_name k8s_startupscript
  source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
  add_stream "#{ENV['ADD_STREAM']}"
  add_time "#{ENV['ADD_TIME']}"
  exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
</filter>


# Multi-line parsing is required for all the kube logs because very large log
# statements, such as those that include entire object bodies, get split into
# multiple lines by glog.


# Example:
# I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
<source>
  @type tail
  format multiline
  multiline_flush_interval 5s
  format_firstline /^\w\d{4}/
  format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
  time_format %m%d %H:%M:%S.%N
  path /mnt/log/kubelet.log
  exclude_path "#{ENV['EXCLUDE_PATH']}"
  pos_file /mnt/pos/ggcp-kubelet.log.pos
  tag kubelet
  enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
</source>

<filter kubelet.**>
  @type kubernetes_sumologic
  source_category kubelet
  source_name k8s_kubelet
  source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
  add_stream "#{ENV['ADD_STREAM']}"
  add_time "#{ENV['ADD_TIME']}"
  exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
</filter>


# Example
# 2017-11-06T18:53:49.774520188Z AUDIT: id="6a8sdffd918-0b6a-4aee-a3a1-f1sdf61596" ip="172.11.23.88" method="GET" user="kubelet" groups="\"system:nodes\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="monty" uri="/api/v1/namespaces/monty/secrets/default-token-fntvb?resourceVersion=0"
# 2017-02-09T00:15:57.993528822Z AUDIT: id="6a8sdffd918-0b6a-4aee-a3a1-f1sdf61596" response="200"
<source>
  @type tail
  format json
  time_key timestamp
  time_format %Y-%m-%dT%H:%M:%SZ
  path "#{ENV['AUDIT_LOG_PATH']}"
  exclude_path "#{ENV['EXCLUDE_PATH']}"
  pos_file /mnt/pos/ggcp-kube-audit.log.pos
  tag kube-audit
  read_from_head "#{ENV['READ_FROM_HEAD']}"
  enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
</source>

<filter kube-audit.**>
  @type kubernetes_sumologic
  source_category kube-audit
  source_name k8s_kube-audit
  source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
  add_stream "#{ENV['ADD_STREAM']}"
  add_time "#{ENV['ADD_TIME']}"
  exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
</filter>


# Example:
# I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
<source>
  @type tail
  format multiline
  multiline_flush_interval 5s
  format_firstline /^\w\d{4}/
  format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
  time_format %m%d %H:%M:%S.%N
  path /mnt/log/glbc.log
  exclude_path "#{ENV['EXCLUDE_PATH']}"
  pos_file /mnt/pos/ggcp-glbc.log.pos
  tag glbc
  enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
</source>

<filter glbc.**>
  @type kubernetes_sumologic
  source_category glbc
  source_name k8s_glbc
  source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
  add_stream "#{ENV['ADD_STREAM']}"
  add_time "#{ENV['ADD_TIME']}"
  exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
</filter>


# Example:
# I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
<source>
  @type tail
  format multiline
  multiline_flush_interval 5s
  format_firstline /^\w\d{4}/
  format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
  time_format %m%d %H:%M:%S.%N
  path /mnt/log/cluster-autoscaler.log
  exclude_path "#{ENV['EXCLUDE_PATH']}"
  pos_file /mnt/pos/ggcp-cluster-autoscaler.log.pos
  tag cluster-autoscaler
  enable_stat_watcher "#{ENV['ENABLE_STAT_WATCHER']}"
</source>

<filter cluster-autoscaler.**>
  @type kubernetes_sumologic
  source_category cluster-autoscaler
  source_name k8s_cluster-autoscaler
  source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
  add_stream "#{ENV['ADD_STREAM']}"
  add_time "#{ENV['ADD_TIME']}"
  exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
</filter>