Lately, I have been working on centralizing the logs from all of our servers and application layers. I decided to use Fluentd instead of Logstash because it claims better reliability without jumping through hoops (e.g. adding a Kafka layer).
Anyway, while working on the configuration, I noticed that it doesn't have any default configs for PHP errors. My quick Google search didn't reveal anything either. So, I decided to write the regex myself. Here is what I ended up with. This also accounts for multiline stack traces.
#[03-Sep-2017 22:51:06 UTC] PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 65536 bytes) in Unknown on line 0
format_firstline /^\[(?<time>[^\]]*)\] (?<level>.+?):/
format1 /^\[(?<time>[^\]]*)\] (?<level>.+?):\s+(?<message>.*)/
time_format %d-%b-%Y %H:%M:%S %Z
read_from_head true # Read the file from the start.