我通过FluentD驱动程序从Docker容器中发出了一些JSON,如:
'{"timeMillis":1485917543709,"thread":"main","level":"INFO","loggerName":"com.imageintelligence.ava.api.Boot","message":"{\"dom\":\"DOM\"}","loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","threadId":1,"threadPriority":5}'
请注意,message字段是字符串编码的JSON?当这个数据被fluentD捕获时,它最终看起来像预期的那样:
2017-02-01 06:29:15 +0000 docker.6faad650faa6: {"log":"{\"timeMillis\":1485917543709,\"thread\":\"main\",\"level\":\"INFO\",\"loggerName\":\"com.imageintelligence.ava.api.Boot\",\"message\":\"{\\\"dom\\\":\\\"DOM\\\"}\",\"loggerFqcn\":\"org.apache.logging.slf4j.Log4jLogger\",\"threadId\":1,\"threadPriority\":5}\r","com.amazonaws.ecs.cluster":"dombou","container_id":"6faad650faa6012af4f32df79901b42488543a5e6e53517fe3579b01ab2b6862","container_name":"/upbeat_booth","source":"stdout"}`
我使用像这样的过滤器来解析JSON:
<filter docker.**>
@type parser
format json
key_name log
reserve_data true
hash_value_field log
</filter>
我最终得到了半消毒的JSON:
2017-02-01 06:32:10 +0000 docker.68c794f7f694: {"source":"stdout","log":{"timeMillis":1485917543709,"thread":"main","level":"INFO","loggerName":"com.imageintelligence.ava.api.Boot","message":"{\"dom\":\"DOM\"}","loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","threadId":1,"threadPriority":5},"com.amazonaws.ecs.cluster":"dombou","container_id":"68c794f7f6948d4261b9497947834651abbf766e9aa51a76f39d6895b7a9ac18","container_name":"/sad_hamilton"}
问题是,message字段仍然是字符串转义的JSON字段。关于如何解析内部JSON字段的任何建议?如何堆叠过滤器?
答案 0 :(得分:0)
请尝试以下插件,让我知道它是怎么回事:
答案 1 :(得分:0)
您可以尝试顺序过滤器:
<filter docker.**>
@type parser
key_name log
format json
reserve_data true
</filter>
<filter docker.*.embeded_json.**>
@type parser
key_name message
format json
reserve_data true
</filter>
答案 2 :(得分:0)
定义过滤器并使用json_in_json插件进行流畅。在此过滤器之后,为此过滤器定义匹配器以对日志执行进一步处理。
这可以帮助你解析嵌套的json。你可能还需要添加 gem install fluent-plugin-json-in-json,如果它还没有出现。 参考 - https://github.com/gmr/fluent-plugin-json-in-json