【发布时间】:2018-10-29 21:59:30
【问题描述】:
我试图弄清楚如何使用 Fluentd 重命名字段(或创建具有相同值的新字段)
喜欢:
agent: Chrome ....
收件人:
agent: Chrome
user-agent: Chrome
但对于特定类型的日志,例如**nginx**。
我正在尝试使用record_reformer,但它不适用于第二个过滤器:
<filter kubernetes.**.nginx-ingress-controller-**.log>
@type parser
format /^(?<host>[^ ]*) (?<domain>[^ ]*) \[(?<x_forwarded_for>[^\]]*)\] (?<server_port>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+[^\"])(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")? (?<request_length>[^ ]*) (?<request_time>[^ ]*) (?:\[(?<proxy_upstream_name>[^\]]*)\] )?(?<addr>[^ ]*) (?<response_length>[^ ]*) (?<response_time>[^ ]*) (?<status>[^ ]*)$/
time_format %d/%b/%Y:%H:%M:%S %z
key_name log
types server_port:integer,code:integer,size:integer,request_length:integer,request_time:float,upstream_response_length:integer,upstream_response_time:float,upstream_status:integer
reserve_data true
</filter>
<filter kubernetes.**>
@type kubernetes_metadata
</filter>
<filter kubernetes.**>
@type grep
<regexp>
key $.kubernetes.labels.fluentd
pattern true
</regexp>
</filter>
<filter kubernetes.**.deployment-name**>
@type record_transformer
<record>
level ${record["Level"]}
</record>
</filter>
<match kubernetes.**>
@type elasticsearch
include_tag_key true
host "#{ENV['OUTPUT_HOST']}"
port "#{ENV['OUTPUT_PORT']}"
scheme "#{ENV['OUTPUT_SCHEME']}"
reload_connections true
logstash_format true
</match>
<match kubernetes.**>
@type record_reformer
remove_keys log,kubernetes
tag mytag.generic
<record>
name ${record['kubernetes']['labels']['app']}
namespace ${record['kubernetes']['namespace_name']}
</record>
</match>
<match kubernetes.**api**>
@type record_reformer
remove_keys log,kubernetes
tag mytag.api
<record>
user_agent ${record['req']['headers']['user-agent']}
</record>
</match>
在这种情况下,它不会发送 mytag.generic 的日志
【问题讨论】:
-
您使用
record_reformer而不是record_transformer的任何原因?
标签: logging kubernetes fluentd