<source>
type tail
path /var/log/secure
format syslog
tag secure_log
pos_file /var/log/td-agent/syslog_secure.pos
</source>
<match secure_log.**>
type grep
input_key message
regexp Accepted|failure|Invalid
add_tag_prefix greped
</match>
<match greped.**>
type buffered_slack
api_key API_KEY
team TEAMNAME
channel %23general # You should use %23 in return for #
username fluentd
color danger
icon_emoji :shit:
buffer_path /var/log/td-agent/buffer/
flush_interval 5s
</match>