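I am using the latest Fluentd / td-agent. How do I filter out the liveness and readiness health checks flowing from Fluentd to Elasticsearch? I also want to exclude fluent.trace. Sample output as seen in Kibana: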
{
  "_index": "aspnetapistarter.logs-2019.07.14",
  "_type": "_doc",
  "_id": "zFSL72sBodUyUY6Nychc",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2019-07-14T08:13:59.1083593+00:00",
    "level": "Information",
    "messageTemplate": "{HostingRequestStartingLog:l}",
    "message": "Request starting HTTP/1.1 GET http://10.1.1.55:5000/health/live ",
    "fields": {
      "Protocol": "HTTP/1.1",
      "Method": "GET",
      "ContentType": null,
      "ContentLength": null,
      "Scheme": "http",
      "Host": "10.1.1.55:5000",
      "PathBase": "",
      "Path": "/health/live",
      "QueryString": "",
      "HostingRequestStartingLog": "Request starting HTTP/1.1 GET http://10.1.1.55:5000/health/live ",
      "EventId": {
        "Id": 1
      },
      "SourceContext": "Microsoft.AspNetCore.Hosting.Internal.WebHost",
      "RequestId": "0HLO86B34CTB4:00000001",
      "RequestPath": "/health/live",
      "CorrelationId": null,
      "ConnectionId": "0HLO86B34CTB4"
    },
    "renderings": {
      "HostingRequestStartingLog": [
        {
          "Format": "l",
          "Rendering": "Request starting HTTP/1.1 GET http://10.1.1.55:5000/health/live "
        }
      ]
    },
    "tag": "aspnetcore"
  },
  "fields": {
    "@timestamp": [
      "2019-07-14T08:13:59.108Z"
    ]
  },
  "sort": [
    1563092039108
  ]
}
I have tried this, but it does not work:
<filter fluent.*>
  @type grep
  <exclude>
    key tag
    pattern fluent.trace
  </exclude>
</filter>
<filter aspnetcore-access>
  @type grep
  <exclude>
    key fields.Path
    pattern health
  </exclude>
</filter>
<filter aspnetcore-access>
  @type grep
  <exclude>
    key fields.RequestPath
    pattern health
  </exclude>
</filter>
Thanks. WTF is this: "It looks like your post is mostly code; please add some more details."
Answer 0 (score: -1)
The exact syntax is here:
<filter foo.bar>
  @type grep
  <regexp>
    key message
    pattern /cool/
  </regexp>
  <regexp>
    key hostname
    pattern /^web\d+\.example\.com$/
  </regexp>
  <exclude>
    key message
    pattern /uncool/
  </exclude>
</filter>
https://docs.fluentd.org/filter/grep
For example, you could try:
<filter aspnetcore-access>
  @type grep
  <exclude>
    key message
    pattern /health/
  </exclude>
</filter>
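
Added example, not part of the question or the answer above: a corrected filter set for the record shown in the question. It assumes the event tag is `aspnetcore` (the `tag` value in the Kibana record), that the readiness probe is served under the same `/health/` prefix as `/health/live`, and a Fluentd v1 release in which grep's `key` accepts record_accessor syntax.

```conf
# Added example (not from the original post).
# Assumptions: the event tag is "aspnetcore", as in the record's "tag"
# field, and every probe path starts with /health/.
# Place these blocks before the <match> that ships to Elasticsearch.

# Fluentd's own trace logs arrive as events tagged fluent.trace. The tag is
# event metadata, not a record field, so grep with "key tag" has nothing to
# compare against. Drop them by tag and keep fluent.warn / fluent.error.
<match fluent.trace>
  @type null
</match>

# The filter pattern must match the event tag. A filter on
# "aspnetcore-access" is never applied to events tagged "aspnetcore".
<filter aspnetcore>
  @type grep
  <exclude>
    # Nested fields need record_accessor syntax. A plain "fields.Path" is
    # looked up as a single top-level key whose name contains a dot.
    key $.fields.Path
    # Anchored to the path prefix, so a request that only mentions
    # "health" elsewhere (query string, message text) is still logged.
    pattern /^\/health\//
  </exclude>
</filter>
```

Compared with an unanchored `/health/` match on `message`, this drops only requests whose path begins with `/health/`, so unrelated events containing the word are not silently removed from the index.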