fluented_input_new.yaml:
当前可用的配置:#日志源配置,格式化成json<source>@id fluentd-containers.log@type tailpath /var/log/containers/*/*.logpos_file /var/log/es-containers.log.postag raw.kubernetes.*<parse>@type multi_format<pattern>format jsontime_key timestamptime_format %Y-%m-%dT%H:%M:%S.%NZ</pattern><pattern>format /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/time_format %Y-%m-%dT%H:%M:%S.%N%:z</pattern></parse></source># 检测java异常栈日志,并作为一条日志转发# Detect exceptions in the log output and forward them as one log entry.<match raw.kubernetes.**>@id raw.kubernetes@type detect_exceptionsremove_tag_prefix rawmessage logstream streamlanguages javamultiline_flush_interval 5max_bytes 0max_lines 1000</match>#将json日志log中的value解析成message字段内容,不使用则es中message会变成log字段<filter kubernetes.**>@id filter_parser@type parser # multi-format-parser多格式解析器插件key_name log # 在要解析的记录中指定字段名称。reserve_data true # 在解析结果中保留原始键值对。remove_key_name_field true # key_name 解析成功后删除字段。<parse>@type multi_format<pattern>format json</pattern><pattern>format none</pattern></parse></filter>#多行日志拼接,主要针对pod日志超过docker 16k限制的大日志<filter kubernetes.**>@type concatkey messageseparator ""multiline_start_regexp /^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}\]/#Continuous_line_regexp /^\\u0009java/multiline_end_regexp /\u200b\n$|^\n$/flush_interval 0</filter># 添加k8s相关的元数据,pod namespace id 等<filter kubernetes.**>@id filter_kubernetes_metadata@type kubernetes_metadata</filter># 区分标准格式和非标准格式日志<match kubernetes.**>@type rewrite_tag_filter<rule>key messagepattern /^\[20/tag INFO.kubernetes.*</rule><rule>key messagepattern /^\[20/tag NULL.kubernetes.*invert true</rule></match># 对标准格式的日志提取日志级别level<filter INFO.kubernetes.**>@type parserkey_name messagereserve_data true<parse>@type regexp#expression /^\[[^\]]*\] \[[^\]]*\] \[[^\]]*\] (?<level>\S+)/expression /^\[[^\]]*\] \[[^\]]*\] \[(?<thand>[^\]]*)\] (?<level>\S+)/types level:string</parse></filter># 对标准格式的日志写日志标签 这一步可以忽略<filter INFO.kubernetes.**>@type record_transformer#@type record_modifier<record>level ${record["level"]}</record></filter># 非标准格式的日志level为null<filter NULL.kubernetes.**>@type record_transformer<record>level NULL</record></filter># 排除不需要的日志<filter NULL.kubernetes.**>@type grep<exclude>key $.kubernetes.labels.k8s-apppattern /fluentd-es|kubernetes-dashboard/</exclude><exclude>key SYSLOG_IDENTIFIERpattern /kubelet/</exclude></filter># 删除日志中不需要的key<filter **>@type record_transformerremove_keys stream,$.kubernetes.container_image_id,$.kubernetes.labels.jenkins-fold,$.kubernetes.labels.pod-template-hash,$.kubernetes.labels.repo-config-group,$.kubernetes.labels.repo-config-project,$.kubernetes.labels.repo-group,$.kubernetes.labels.repo-project,$.kubernetes.master_url,$.kubernetes.namespace_id,$.kubernetes.namespace_labels.env,$.kubernetes.pod_id,$.kubernetes.container_name</filter>
若有收获,就点个赞吧
0 人点赞
