如何从 kubernetes 应用程序日志中提取字段 - efk 堆栈
[英]How to extract fields from kubernetes app logs - efk stack
问题描述
I'm using FluentD (deployed as DaemonSet) to stream k8s app (containers) logs to elasticsearch.
我正在使用 FluentD(部署为 DaemonSet)将 k8s 应用程序(容器)日志流式传输到 elasticsearch。 i want extract specific keys from the 'log' key string in elastic such as logKey: ... or statusCode:.. (inside the 'log' key below)我想从弹性中的“日志”键字符串中提取特定键,例如 logKey: ... 或 statusCode:.. (在下面的“日志”键内)
Please see the log i'm trying to parse:请查看我正在尝试解析的日志:
i saw that i should use FluentD plugin to parse the log before it sent to elastic, but unfortunately i didn't find a way to do it.我看到我应该在日志发送到弹性之前使用 FluentD 插件来解析日志,但不幸的是我没有找到一种方法来做到这一点。
this is my current ConfigMap containers section :这是我当前的 ConfigMap 容器部分:
<source>
@type tail
path /var/log/containers/*.log
pos_file /var/log/app.log.pos
tag kubernetes.*
read_from_head true
<parse>
@type json
time_format %Y-%m-%dT%H:%M:%S.%NZ
</parse>
</source>
Thanks a lot for your help.非常感谢你的帮助。
1 个解决方案
解决方案1
0 2020-01-15 02:13:11
Do you trying this add-on?你要试试这个插件吗?
It seems already setup the configure of the fluentd.似乎已经设置了 fluentd 的配置。
https://github.com/kubernetes/kubernetes/blob/8568d1843daababe70763b30ae897388710b2216/cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml https://github.com/kubernetes/kubernetes/blob/8568d1843daababe70763b30ae897388710b2216/cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml
Is your ConfigMap appended to above ConfigMap?您的 ConfigMap 是否附加到上面的 ConfigMap?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.