feat: kubernetes parse json message for some pod
This commit is contained in:
parent
a9cd4f080a
commit
2dafb5e113
@ -15,10 +15,23 @@ processors:
|
|||||||
- add_docker_metadata:
|
- add_docker_metadata:
|
||||||
host: "unix:///var/run/docker.sock"
|
host: "unix:///var/run/docker.sock"
|
||||||
- add_host_metadata: ~
|
- add_host_metadata: ~
|
||||||
- decode_json_fields:
|
- dissect:
|
||||||
fields: ["message"]
|
tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} %{nginx.geoip_latitude} %{nginx.geoip_longitude}'
|
||||||
target: "json"
|
target_prefix: ""
|
||||||
overwrite_keys: true
|
field: "message"
|
||||||
|
when:
|
||||||
|
equals:
|
||||||
|
container.name: nginxfront
|
||||||
|
- timestamp:
|
||||||
|
field: nginx.time
|
||||||
|
target_field: nginx.time
|
||||||
|
layouts:
|
||||||
|
- '02/Jan/2006:15:04:05 -0700'
|
||||||
|
test:
|
||||||
|
- '27/May/2022:21:41:02 +0000'
|
||||||
|
when:
|
||||||
|
equals:
|
||||||
|
container.name: nginxfront
|
||||||
|
|
||||||
setup:
|
setup:
|
||||||
kibana:
|
kibana:
|
||||||
|
@ -29,6 +29,17 @@ processors:
|
|||||||
format: offset
|
format: offset
|
||||||
- add_kubernetes_metadata:
|
- add_kubernetes_metadata:
|
||||||
- add_host_metadata: ~
|
- add_host_metadata: ~
|
||||||
|
- decode_json_fields:
|
||||||
|
fields: [ "message" ]
|
||||||
|
target: "message_json"
|
||||||
|
when:
|
||||||
|
or:
|
||||||
|
- equals:
|
||||||
|
kubernetes.container.name: etcd
|
||||||
|
- equals:
|
||||||
|
kubernetes.container.name: kilo
|
||||||
|
- equals:
|
||||||
|
kubernetes.container.name: cfssl-issuer
|
||||||
|
|
||||||
setup:
|
setup:
|
||||||
kibana:
|
kibana:
|
||||||
|
Loading…
Reference in New Issue
Block a user