How to exclude pattern in <match> for fluentd config?

To selectively filter log events in Fluentd, you can use the <match> directive to specify which events to process and which to discard. Here's how you can do it:

To discard all events that match a specific tag and process all other tags, you can configure Fluentd like this:

<match the.tag.you.want.to.drop>
  @type null
</match>
<match **>
  # process everything else
</match>

The null output plugin effectively discards all log events that match the specified tag.

On the other hand, if you want to drop all events except those with a specific tag, the configuration would look like this:

<match the.tag.you.want.to.process>
  # process this specific tag
</match>

In this setup, only the events matching the.tag.you.want.to.process are processed, and all others are ignored. However, Fluentd will issue a warning for unprocessed tags.

To eliminate this warning and explicitly discard all other log events, you can direct them to the null output plugin, like this:

<match the.tag.you.want.to.process>
  # process this specific tag
</match>
<match **>
  @type null
</match>

This approach ensures a clean configuration where specific tags are processed, and all others are silently discarded, maintaining an efficient log management system.

🔭 Want to centralize and monitor your logs?

Go to Logtail and start your log management in 5 minutes. [/summary]

Got an article suggestion? Let us know

Explore more

How to Add Tags to My Fluentd Events

Questions

Fluentd

Learn how to use Fluentd to collect, process, and ship log data at scale, and improve your observability and troubleshooting capabilities.

Guides

How to Parse Nested JSON Fields in Fluentd

Learn how to configure Fluentd for nested JSON parsing in log messages for enhanced structured logging

Questions

How to Send Logs to Multiple Outputs With Same Match Tags in Fluentd?

Questions

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.