更新:流利的位分析JSON log作为文本
我正在使用Fluentd发送日志。应用日志以JSON格式。这是Kibana中的其中之一
{"@timestamp":"2022-05-06T06:02:10.669Z", "log.level": "INFO", "message":"INFO Health check ok", "ecs.version": "1.2.0","service.name":"spring-boot-application","event.dataset":"spring-boot-application","process.thread.name":"http-nio-9001-exec-7","log.logger":"com.app.designer.rules.controller.RulesController","transaction.id":"15e36b5ef6cc69dd","trace.id":"fd275718e25c061d309954773985b101"}
,我可以看到日志
JSON日志是log键的值。 但是,我们希望JSON日志键值为字段和值 请建议。 流利位配置映射是:
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-designer
data:
fluent-bit-service.conf: |
[SERVICE]
Flush 1
Daemon Off
Log_Level error
Parsers_File parsers.conf
fluent-bit-input.conf: |
[INPUT]
Name tail
Path /app/logs/designer-logs.log.json
Multiline On
Parser_Firstline multiline_pattern
Refresh_Interval 5
Mem_Buf_Limit 5MB
Skip_Long_Lines On
Path_key FileName
fluent-bit-filter.conf: |
[FILTER]
Name modify
Match *
Add PodName ${POD_NAME}
Add Namespace ${NAMESPACE_NAME}
fluent-bit-output.conf: |
[OUTPUT]
Name forward
Match *
Host {{ .Values.efkCluster }}-fluentd-aggregator.{{ .Values.efkCluster }}
Port 24224
fluent-bit.conf: |
@INCLUDE fluent-bit-service.conf
@INCLUDE fluent-bit-input.conf
@INCLUDE fluent-bit-filter.conf
@INCLUDE fluent-bit-output.conf
parsers.conf: |
[PARSER]
Name multiline_pattern
Format regex
Regex ^\[(?<LogDate>\d{2}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}\.\d{3}\+\d{4})\] (?<LogLevel>[^ ]*) * (?<Thread>\S+) (?<Username>[^\s]*?) (?<Logger>[A-Za-z0-9$_.]+) -(\r\n|\r|\n)*(?<Message>.*)
time_key LogDate
time_format %d-%m-%y %H:%M:%S.%L%z
I'm sending logs to ES with fluentd. App logs are in JSON format. Here is one of them
{"@timestamp":"2022-05-06T06:02:10.669Z", "log.level": "INFO", "message":"INFO Health check ok", "ecs.version": "1.2.0","service.name":"spring-boot-application","event.dataset":"spring-boot-application","process.thread.name":"http-nio-9001-exec-7","log.logger":"com.app.designer.rules.controller.RulesController","transaction.id":"15e36b5ef6cc69dd","trace.id":"fd275718e25c061d309954773985b101"}
In Kibana, i can see the logs
JSON log is a value of log key.
But, we want JSON Log key value, as Field and Value
Please suggest.
fluent bit config map is:
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-designer
data:
fluent-bit-service.conf: |
[SERVICE]
Flush 1
Daemon Off
Log_Level error
Parsers_File parsers.conf
fluent-bit-input.conf: |
[INPUT]
Name tail
Path /app/logs/designer-logs.log.json
Multiline On
Parser_Firstline multiline_pattern
Refresh_Interval 5
Mem_Buf_Limit 5MB
Skip_Long_Lines On
Path_key FileName
fluent-bit-filter.conf: |
[FILTER]
Name modify
Match *
Add PodName ${POD_NAME}
Add Namespace ${NAMESPACE_NAME}
fluent-bit-output.conf: |
[OUTPUT]
Name forward
Match *
Host {{ .Values.efkCluster }}-fluentd-aggregator.{{ .Values.efkCluster }}
Port 24224
fluent-bit.conf: |
@INCLUDE fluent-bit-service.conf
@INCLUDE fluent-bit-input.conf
@INCLUDE fluent-bit-filter.conf
@INCLUDE fluent-bit-output.conf
parsers.conf: |
[PARSER]
Name multiline_pattern
Format regex
Regex ^\[(?<LogDate>\d{2}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}\.\d{3}\+\d{4})\] (?<LogLevel>[^ ]*) * (?<Thread>\S+) (?<Username>[^\s]*?) (?<Logger>[A-Za-z0-9$_.]+) -(\r\n|\r|\n)*(?<Message>.*)
time_key LogDate
time_format %d-%m-%y %H:%M:%S.%L%z
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我将解析器的配置从正则表达式更改为 JSON解析器使其正常工作。
请找到Fluentbit Confgmap:
在Kibana
I changed parser configuration from regular expression to json parser to make it work.
Please find fluentbit confgmap:
in Kibana