【发布时间】:2021-06-19 09:27:00
【问题描述】:
我需要在 Fluentd 中编写“过滤器”或“记录”,如果键 log 包含 INFO,那么我需要删除完整的记录,关于如何编写这个有什么建议吗?
{
"_index": "logstash-2021.06.19",
"_type": "_doc",
"_id": "nkeBI3oBrowj3sxE9hMv",
"_version": 1,
"_score": null,
"_source": {
"log": "2021-06-19T08:57:31.118Z [INFO] 10.2.1.232:59778 - 44627 \"A IN xxxx. udp 66 false 512\" NOERROR qr,rd,ra 310 0.000114881s\n",
"stream": "stdout",
"docker": {
"container_id": "4078ac6afdd2ec3bbacf148f442ad9a9eac8f92bb60b839114850e7c56157f8e"
},
"kubernetes": {
"container_name": "coredns",
"namespace_name": "kube-system",
"pod_name": "coredns-6d699dcf7b-m6qmp",
"container_image": "k8s.gcr.io/coredns:1.5.0",
"container_image_id": "docker-pullable://k8s.gcr.io/coredns@sha256:e83beb5e43f8513fa735e77ffc5859640baea30a882a11cc75c4c3244a737d3c",
"pod_id": "69297648-e904-11e9-aad3-2a1c3f9db5a1",
"labels": {
"k8s-app": "coredns",
"pod-template-hash": "6d699dcf7b",
"tier": "control-plane"
},
"host": "da-cicd-enc1-bl6",
"master_url": "https://10.3.0.1:443/api",
"namespace_id": "5d2ccb8c-e904-11e9-aad3-2a1c3f9db5a1"
},
"@timestamp": "2021-06-19T08:57:31.119+00:00",
"tag": "other_service.kubernetes.var.log.containers.coredns-6d699dcf7b-m6qmp_kube-system_coredns-4078ac6afdd2ec3bbacf148f442ad9a9eac8f92bb60b839114850e7c56157f8e.log"
},
"fields": {
"@timestamp": [
"2021-06-19T08:57:31.119Z"
]
},
"highlight": {
"kubernetes.namespace_name": [
"@kibana-highlighted-field@kube@/kibana-highlighted-field@-@kibana-highlighted-field@system@/kibana-highlighted-field@"
]
},
"sort": [
1624093051119
]
}
【问题讨论】:
-
到目前为止你有没有尝试过?
-
yes 尝试使用密钥级别进行过滤,但看起来它需要在密钥日志中进行过滤 需要可以从“log”字符串中读取 [INFO] 的内容,然后删除完整的事件
@type grep key level pattern fluent.(warn|error|fatal) -
请edit 并将您的配置与任何其他相关信息一起添加到问题中。
标签: kubernetes fluentd