我有一些 JSON 通过 FluentD 驱动程序从 docker 容器发出,例如:
'{"timeMillis":1485917543709,"thread":"main","level":"INFO","loggerName":"com.imageintelligence.ava.api.Boot","message":"{\"dom\":\"DOM\"}","loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","threadId":1,"threadPriority":5}'
请注意该message字段是字符串编码的 JSON?当这些数据被 fluentD 捕获时,它最终看起来像这样,正如预期的那样:
2017-02-01 06:29:15 +0000 docker.6faad650faa6: {"log":"{\"timeMillis\":1485917543709,\"thread\":\"main\",\"level\":\"INFO\",\"loggerName\":\"com.imageintelligence.ava.api.Boot\",\"message\":\"{\\\"dom\\\":\\\"DOM\\\"}\",\"loggerFqcn\":\"org.apache.logging.slf4j.Log4jLogger\",\"threadId\":1,\"threadPriority\":5}\r","com.amazonaws.ecs.cluster":"dombou","container_id":"6faad650faa6012af4f32df79901b42488543a5e6e53517fe3579b01ab2b6862","container_name":"/upbeat_booth","source":"stdout"}`
我使用这样的过滤器来解析 JSON:
<filter docker.**>
@type parser
format json
key_name log
reserve_data true
hash_value_field log
</filter>
我最终得到了半消毒的 JSON:
2017-02-01 06:32:10 +0000 docker.68c794f7f694: {"source":"stdout","log":{"timeMillis":1485917543709,"thread":"main","level":"INFO","loggerName":"com.imageintelligence.ava.api.Boot","message":"{\"dom\":\"DOM\"}","loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","threadId":1,"threadPriority":5},"com.amazonaws.ecs.cluster":"dombou","container_id":"68c794f7f6948d4261b9497947834651abbf766e9aa51a76f39d6895b7a9ac18","container_name":"/sad_hamilton"}
问题是,该message字段仍然是字符串转义的 JSON 字段。关于如何解析内部 JSON 字段的任何建议?如何堆叠过滤器?
rhu*_*cks 12
您可以尝试顺序过滤器:
<filter docker.**>
@type parser
key_name log
format json
reserve_data true
</filter>
<filter docker.*.embeded_json.**>
@type parser
key_name message
format json
reserve_data true
</filter>
小智 1
请尝试以下插件并让我知道效果如何:
https://github.com/edsiper/ Fluent-plugin-docker
| 归档时间: |
|
| 查看次数: |
15422 次 |
| 最近记录: |