Fluentd Blog

fluent-package v5.0.4 has been released

Hi users!

We have released fluent-package v5.0.4. fluent-package is a stable distribution package of Fluentd. (successor of td-agent v4)

This is a maintenance release of v5.0.x LTS series. As bundled Ruby was updated to 3.2.4 and a foolproof mechanism was implemented to prevent launching duplicated Fluentd instances, we recommend upgrading to fluent-package v5.0.4!

Changes from fluent-package v5.0.3

• Update ruby to 3.2.4 (#645)
• Fixed to prevent launching Fluentd wrongly if the service is already running (#648,#649)
• Added support for Ubuntu 24.04 (Noble Numbat)

Fixed to prevent launching Fluentd wrongly if the service is already running

In this release, a foolproof mechanism was implemented to prevent launching Fluentd wrongly if the service is already running.

As you know, you can check the version of Fluentd with fluentd --version, but there is a case that fluentd -v is executed wrongly to do it.

When already running Fluentd as a service, fluentd -v launches a duplicated Fluentd instance with the same fluentd configuration. If you launch duplicated Fluentd instances, it causes the corruption of processing Fluentd buffer. To prevent such a situation, a foolproof was implemented now.

For example, if Fluentd is running as a service, launching Fluentd causes an error to block it.

Here is the example on Windows:

> fluentd
Error: Can't start duplicate Fluentd instance with the default config.

To start Fluentd, please do one of the following:
  (Caution: Please be careful not to start multiple instances with the same config.)
  - Stop the Fluentd Windows service 'fluentdwinsvc'.
  - Specify the config path explicitly by '-c' ('--config').

Even though if you wrongly launch Fluentd to check version with -v (It should be --version to show version), then it causes the following error.

> fluentd -v
Error: Can't start duplicate Fluentd instance with the default config.

To take the version, please use '--version', not '-v' ('--verbose').

To start Fluentd, please do one of the following:
  (Caution: Please be careful not to start multiple instances with the same config.)
  - Stop the Fluentd Windows service 'fluentdwinsvc'.
  - Specify the config path explicitly by '-c' ('--config')

Note that this foolproof feature is intended to block launching duplicated Fluentd instance, you can explicitly launch Fluentd by specifying a specific option to pass it even though already Fluentd is running as a service.

On Windows:

• -c (--config)
• --dry-run
• --reg-winsvc
• --reg-winsvc-fluentdopt
• --show-plugin-config

On Linux:

• -c (--config)
• --dry-run
• --show-plugin-config

About next LTS schedule

We plan to ship the next LTS version of fluent-package v5.0.5 on Oct, 2024. The content of updates are still in T.B.D.

About td-agent v4.5.2 and v4.5.3 (Windows)

As it was already announced Drop schedule announcement about EOL of Treasure Agent (td-agent) 4, td-agent v4 was reached EOL in Dec, 2023.

There is a exceptional maintenance release for v4.5.3 on Windows because there was a crash bug during startup on Windows. It was backported fix from fluent-package v5 as it is critical in some case.

We strongly recommend migrating from td-agent v4 to fluent-package v5 (LTS). See Upgrade to fluent-package v5

Download

Please see the download page.

Read More

Fluentd v1.17.0 has been released

Hi users!

We have released v1.17.0 on 2024-04-30. ChangeLog is here.

This release is a new release of v1.17 series. In this release, we added some new features for some plugins and fixed bugs of Parser.

Enhancement

in_tail: Add glob_policy option for expanding glob capability of path and exclude_path

In this release, we added a new option glob_policy for in_tail plugin.

In previous versions, we can use only * in glob patterns for path and exclude_path option.

Example:

path /path/to/*
exclude_path ["/path/to/*.gz", "/path/to/*.zip"]

From this version, we can also use [], ?, and {} in glob patterns depending on the glob_policy option.

Example:

path "[0-1][2-3].log"
glob_policy extended

Please see the document and #4401 for more information.

out_http: Support AWS Signature Version 4 authentication

In this release, we added a new option aws_sigv4 for the method setting of out_http plugin.

By using this option, out_http can use AWS Signature Version 4.

For example, this allows out_http to write to Amazon OpenSearch Ingestion.

Please see the document and #4459 for more information.

out_http: Add option to reuse connections

In this release, we add a new option reuse_connections for out_http plugin.

This option will improve throughput of out_http.

Please see the document and #4330 for more information.

in_http: Recognize CSP reports as JSON data

In this release, we make the data type of the request where the Content-Type is application/csp-report be considered JSON by default.

Now, in_http can receive Content Security Policy's report by default.

Please see #4282 for more information.

Bug Fixes

Make sure parser returns hash

The record data in an event of Fluentd must be a hash object.

• Life of a Fluentd event

However, in the previous versions, some parser plugins could return a non-hash object, such as an array. It could cause errors in subsequent processing.

In this release, the following parser plugins have been fixed.

• parser_json
• parser_msgpack

The changes are as follows:

• Make sure to return a hash record.
• Make sure to accept only a hash or an array of hash.

Here are the details for each case.

Example of changed behavior

Config:

<source>
  @type tcp
  tag test.tcp
  <parse>
    @type json
  </parse>
</source>

<match test.**>
  @type stdout
</match>

Send an array data:

$ netcat 0.0.0.0 5170
[{"k":"v"}, {"k2":"v2"}]

The result before this version:

{datetime} test.tcp: [{"k":"v"},{"k2":"v2"}]

The result after this version:

{datetime} test.tcp: {"k":"v"}
{datetime} test.tcp: {"k2":"v2"}

Example of resolved error

Config:

<source>
  @type tcp
  tag test.tcp
  <parse>
    @type json
    null_empty_string
  </parse>
</source>

<match test.**>
  @type stdout
</match>

Send an array data:

$ netcat 0.0.0.0 5170
[{"k":"v"}, {"k2":"v2"}]

The result before this version:

{datetime} [error]: #0 unexpected error on reading data host="xxx" port=xxx error_class=NoMethodError error="undefined method `each_key' for [{\"k\"=>\"v\"}, {\"k2\"=>\"v2\"}]:Array"

The result after this version:

{datetime} test.tcp: {"k":"v"}
{datetime} test.tcp: {"k2":"v2"}

Remaining problem: filter_parser

In the previous versions, filter_parser could return an array record based on this wrong behavior. From this release, it can not return multiple parsed results anymore and Fluentd outputs a warning log in this case. This behavior should improve in the future.

Here is an example.

<source>
  @type sample
  tag test.array
  sample {"message": "[{\"k\":\"v\"}, {\"k2\":\"v2\"}]"}
</source>

<filter test.**>
  @type parser
  key_name message
  <parse>
    @type json
  </parse>
</filter>

<match test.**>
  @type stdout
</match>

The result before this version:

{datetime} test.array: [{"k":"v"},{"k2":"v2"}]

The result after this version:

{datetime} [warn]: #0 dump an error event: error_class=Fluent::Plugin::Parser::ParserError error="Could not emit the event. The parser returned multiple results, but currently filter_parser plugin only returns the first parsed result. Raw data: '[{\"k\":\"v\"}, {\"k2\":\"v2\"}]'" location=nil tag="test.array" time=xxx record={"k2"=>"v2"}
{datetime} test.array: {"k":"v"}

These are the major changes for this release.

In addition, some performance improvements have been included! Please see ChangeLog for details!

Enjoy logging!

Read More

fluent-package v5.0.3 has been released

Hi users!

We have released fluent-package v5.0.3. fluent-package is a stable distribution package of Fluentd. (successor of td-agent v4)

This is a maintenance release of v5.0.x LTS series. As significant slow starting service and crash issues during startup on Windows were fixed, we recommend upgrading to fluent-package v5.0.3!

Changes from fluent-package v5.0.2

• Update fluentd to 1.16.5. See the following blog articles about details.
  • Fluentd v1.16.4 has been released
  • Fluentd v1.16.5 has been released
• Update bundled plugins
  • e.g. fluent-diagtool v1.0.5. It supports to collect list of plugins on Windows.
• msi: fixed wrong environment path for Fluent Package Prompt (#606)
  • It breaks fluent-diagtool behavior to launch fluent-gem correctly.
• msi: removed unnecessary path delimiter (#607)
  • It doesn't cause any problem yet, but it should treat %~dp0 correctly.
• rpm: fixed to take over enabled state of systemd service from td-agent v4 (#613)
• deb rpm: fixed to quote target files correctly not to cause migration failures (#615)
• msi: added a patch for RubyInstaller to avoid crash on start up (#620)
• msi: fixed slow start issue on Windows (#631)

About next LTS schedule

We plan to ship next LTS version of fluent-package v5.0.4 on June, 2024. The content of updates are still in T.B.D.

About td-agent v4.5.2 and v4.5.3 (Windows)

As it was already announced Drop schedule announcement about EOL of Treasure Agent (td-agent) 4, td-agent v4 was reached EOL in Dec, 2023.

There is a exceptional maintenance release for v4.5.3 on Windows because there was a crash bug during startup on Windows. It was backported fix from fluent-package v5 as it is critical in some case.

We strongly recommend migrating from td-agent v4 to fluent-package v5 (LTS). See Upgrade to fluent-package v5

Download

Please see the download page.

Read More

Fluentd v1.16.5 has been released

Hi users!

We have released v1.16.5 on 2024-03-27. ChangeLog is here.

The previous version v1.16.4 has a serious Buffer bug when it processes large data exceeding chunk size limit. So, we have released v1.16.5 urgently, and have fixed the bug. So, please don't use v1.16.4.

Sorry for troubling.

Bug Fixes

Buffer: Fix emit error of v1.16.4 sometimes failing to process large data exceeding chunk size limit

In the previous version v1.16.4, we fixed a Buffer bug (Please see Fluentd v1.16.4 has been released for details).

There was a race condition problem with that fix, and similar Buffer errors explained in Fluentd v1.16.4 has been released could occur.

• emit transaction failed: ...
• send an error event stream to @ERROR: ...

These errors are the same as the Buffer error of Fluentd v1.16.4 has been released, but it would be more likely to happen. The cause is a race condition when processing large data exceeding chunk size limit. So, in that case, these errors can occur depending on the timing.

So, please don't use v1.16.4.

See #4447 for more information.

Sorry for troubling.

Read More

Fluentd v1.16.4 has been released

Hi users!

We have released v1.16.4 on 2024-03-14. ChangeLog is here.

In this release, we fixed several bugs and improved performance.

Bug Fixes

Buffer: Fix emit error sometimes caused by failing to process large data exceeding chunk size limit

In previous versions, when Buffer processes large data exceeding the chunk size limit, it sometimes fails and causes an emit error.

It is usually unlikely, but it may occur when Buffer receives data with extremely large records that are distributed unevenly in the data.

If you set @ERROR label, the data is routed to that label, and Fluentd outputs a warning log message: send an error event stream to @ERROR: ....

However, if you don't set @ERROR label, the data is discarded, and Fluentd outputs a warning log message: emit transaction failed: .... In addition, Input plugins that do not consider an emit error may stop working, such as in_windows_eventlog2.

Here is an example of the warning message:

2024-03-22 14:13:35 +0900 [warn]: #0 emit transaction failed: error_class=IOError error="closed stream" location="/path/to/fluentd/lib/fluent/plugin/buffer/file_chunk.rb:82:in `pos'" tag="test"

If you see these warnings, please update Fluentd.

See #4342 for more information.

Others

• in_tail: Fix tail watchers in rotate_wait state not being managed. #4334
  • This problem should not have any actual negative impact on the operation.
• Buffer: Avoid unnecessary log processing. It will improve performance. #4331

Enjoy logging!

Read More