流利达不到预期的结果

时间:2018-07-16 06:47:12

标签: fluentd

我在centos 7上详细记录了td-agent2.5的日志,但是我无法得到任何预期的结果和错误的日志。有关我的环境的一些信息:

/tmp/kube-apiserver-audit.log 

{"kind":"Event","apiVersion":"audit.k8s.io/v1beta1","metadata":{"creationTimestamp":"2018-07-13T10:16:17Z"},"level":"Request","timestamp":"2018-07-13T10:16:17Z","auditID":"64fd98b8-a42b-4609-9c9c-f091a3f68ae5","stage":"RequestReceived","requestURI":"/api/v1/nodes?limit=500\u0026resourceVersion=0","verb":"list","user":{"username":"system:apiserver","uid":"38119b44-f361-4d33-a721-20c37a8f7761","groups":["system:masters"]},"sourceIPs":["::1"],"userAgent":"hyperkube/v1.11.0 (linux/amd64) kubernetes/e943d09","objectRef":{"resource":"nodes","apiVersion":"v1"},"requestReceivedTimestamp":"2018-07-13T10:16:17.743074Z","stageTimestamp":"2018-07-13T10:16:17.743074Z"}
...

/etc/td-agent/td-agent.conf 

<source>
    @type tail
    # audit log path of kube-apiserver
    path /tmp/kube-apiserver-audit.log
    pos_file /tmp/audit.pos
    format json
    time_key time
    time_format %Y-%m-%dT%H:%M:%S.%N%z
    tag audit
</source>

<filter audit>
    #https://github.com/fluent/fluent-plugin-rewrite-tag-filter/issues/13
    type record_transformer
    enable_ruby
    <record>
     namespace ${record["objectRef"].nil?"none":(record["objectRef"]["namespace"].nil? "none":record["objectRef"]["namespace"])}
    </record>
</filter>

<match audit>
    # route audit according to namespace element in context
    @type rewrite_tag_filter
    rewriterule1 namespace ^(.+) ${tag}.$1
</match>

<filter audit.**>
   @type record_transformer
   remove_keys namespace
</filter>

<match audit.**>
    @type forest
    subtype file
    remove_prefix audit
    <template>
        time_slice_format %Y%m%d%H
        compress gz
        path /tmp/audit-${tag}.*.log
        format json
        include_time_key true
    </template>
</match>

0 个答案:

没有答案
相关问题
最新问题