Journald
Overview
Journald collects logs from the systemd journal. It reads journal entries directly from the configured journal files or directory.
Supported platforms
- Linux:
Logs - Windows:
Logs - macOS:
Logs
Basic Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| directory | string | System default journal directory | A directory containing journal files to read entries from. Relative to root_path |
| files | list(string) | none | A list of journal files to read entries from. Relative to root_path |
| start_at | string | end | Determines where the source starts reading the log file when it starts. Options: beginning ( Starts reading logs from the beginning of the journal files) or end (Starts reading logs from the latest entries). |
Note: Journald requires the journalctl binary to be available in the container or on the system. It uses journalctl to read logs from the systemd journal and does not implement its own journal reading logic.
- The system account the collector runs as must have permission to read the journal (for example via
journalctl)- In containerized environments, this typically requires root privileges and specific capabilities
Advanced Configuration
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| namespace | string | No | default | Will query the given namespace. See man page systemd-journald.service(8) for details. |
| include_all_logs | boolean | No | false | If enabled, the source will include very long logs and logs containing unprintable characters. |
| persist_offsets | boolean | No | true | Stores the current reading position so the source can resume from the last processed journal entry after a restart. |
| retry_on_failure | boolean | No | false | Enables retry logic when reading journal entries fails due to temporary errors. |
Retry On Failure Configuration
The Retry On Failure option enables automatic retry logic when Journald fails to send logs
When enabled, the source temporarily retains the log batch and attempts to resend it based on the configured retry intervals.
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| retry_on_failure_initial_interval | duration | 1s | Time to wait after the first failure before retrying. |
| retry_on_failure_max_interval | duration | 30s | Upper bound on retry backoff interval. Once this value is reached the delay between consecutive retries will remain constant at the specified value. |
| retry_on_failure_max_elapsed_time | duration | 5m | Maximum amount of time (including retries) spent trying to send a logs batch to a downstream consumer. Once this value is reached, the data is discarded. Retrying never stops if set to 0. |
Example Configuration
{
"directory": "", // default: none
"files": [], // default: none
"start_at": "end", // default: "end"
"namespace": "default", // default: "default"
"persist_offsets": true, // default: true
"include_all_logs": false, // default: false
"retry_on_failure": false, // default: false
"retry_on_failure_initial_interval": "1s", // default: "1s"
"retry_on_failure_max_interval": "30s", // default: "30s"
"retry_on_failure_max_elapsed_time": "5m", // default: "5m"
}