The collected log content contains different kinds of messages. Use a regular expression to filter them and send each kind to a different destination, for example routing {"log":"Error Something"} and {"log":"Info Something"} to different places.

Use fluentd's copy plugin together with the grep plugin inside a match block to tell the contents apart.
fluentd server configuration file

<source>
  type forward
  port 24224
  bind 0.0.0.0
</source>

# Receive logs from container stdout
<match system_out.docker.*.**>
  type forest
  subtype file
  <template>
    path /home/lee/fluentd-log/${tag_parts[0]}/${tag_parts[2]}/temp
  </template>
</match>

# Receive logs from container stderr whose log field contains 200 (the client has already done the filtering)
<match program_out.system_err.docker.*.**>
  type forest
  subtype file
  <template>
    path /home/lee/fluentd-log/${tag_parts[0]}/${tag_parts[3]}/temp
  </template>
</match>

# Receive logs from container stderr whose log field does not contain 200
<match program_err.system_err.docker.*.**>
  type forest
  subtype file
  <template>
    path /home/lee/fluentd-log/${tag_parts[0]}/${tag_parts[3]}/temp
  </template>
</match>

fluentd client configuration file

<source>
  type forward
  port 24224
  bind 0.0.0.0
</source>

# Receive logs from containers
# Re-tag them according to the content of the source field
<match docker.**>
  type rewrite_tag_filter 
  rewriterule1 source stdout system_out.${tag}
  rewriterule2 source stderr system_err.${tag}
</match>

# Match logs whose original source field was stderr
<match system_err.**>
  type copy
  <store>
    # If the log field contains 200, add the tag prefix program_out
    type grep
    regexp1 log 200
    add_tag_prefix program_out
  </store>
  <store>
    # If the log field does not contain 200, add the tag prefix program_err
    type grep
    exclude log 200
    add_tag_prefix program_err
  </store>  
</match>

# Forward to the server
<match **>
    type forward    
    <server>
      host 192.168.126.136
      port 24224
    </server>
    flush_interval 5s
</match>
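To make the routing chain built by the two configuration files easier to follow, here is a small Ruby model of it. This is an added example, not code from the original post and not fluentd's own API: it replays the client's rewrite_tag_filter rules, the copy + grep split on the log field, and the server's ${tag_parts[...]} path templates over a few constructed Docker-driver events. It also shows why the bare pattern 200 is loose: it matches "200" anywhere in the log field, so a 304 for a URL such as /item/2001 (a constructed line) lands in program_out. The STATUS_200 pattern is an assumption of this example, anchored to where the Tornado access log places the status code.

```ruby
# Added example (not part of the original post or of fluentd itself):
# a plain-Ruby simulation of the client/server routing chain.

# Client, step 1: rewrite_tag_filter rules keyed on the "source" field.
# [field, pattern, new-tag template]; ${tag} stands for the incoming tag.
REWRITE_RULES = [
  ['source', /stdout/, 'system_out.${tag}'],
  ['source', /stderr/, 'system_err.${tag}'],
].freeze

def rewrite_tag(tag, record)
  REWRITE_RULES.each do |field, pattern, template|
    return template.sub('${tag}', tag) if pattern.match?(record[field].to_s)
  end
  nil # no rule matched: rewrite_tag_filter drops the event
end

# Client, step 2: <match system_err.**> copy + grep.
# Returns the tag the event is re-emitted with.
def split_on_status(tag, record, pattern)
  return tag unless tag.start_with?('system_err.')
  if pattern.match?(record['log'].to_s)
    "program_out.#{tag}"   # regexp1 log 200  + add_tag_prefix program_out
  else
    "program_err.#{tag}"   # exclude log 200  + add_tag_prefix program_err
  end
end

# Server: the forest/file path templates of the three <match> blocks,
# as [tag prefix, index into tag_parts used for the second directory].
PATH_TEMPLATES = [
  [/\Asystem_out\.docker\./, 2],                 # ${tag_parts[0]}/${tag_parts[2]}
  [/\Aprogram_out\.system_err\.docker\./, 3],    # ${tag_parts[0]}/${tag_parts[3]}
  [/\Aprogram_err\.system_err\.docker\./, 3],
].freeze

def output_path(tag, base = '/home/lee/fluentd-log')
  parts = tag.split('.')
  PATH_TEMPLATES.each do |prefix, idx|
    return "#{base}/#{parts[0]}/#{parts[idx]}/temp" if prefix.match?(tag)
  end
  nil
end

# Whole chain: returns [final tag, server file path] or nil if dropped.
def route(tag, record, pattern = /200/)
  new_tag = rewrite_tag(tag, record)
  return nil if new_tag.nil?
  final_tag = split_on_status(new_tag, record, pattern)
  [final_tag, output_path(final_tag)]
end

# Tighter pattern (assumption of this example): the status code sits
# between "] " and the HTTP method in the Tornado access-log line.
STATUS_200 = /\] 200 [A-Z]+ /

# Constructed sample events shaped like the docker fluentd log driver output.
SAMPLE_EVENTS = [
  ['docker.temp01', { 'source' => 'stderr', 'log' => '[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 1.48ms' }],
  ['docker.temp01', { 'source' => 'stderr', 'log' => '[I 160920 15:10:55 web:1971] 304 GET / (192.168.126.1) 1.33ms' }],
  ['docker.temp01', { 'source' => 'stdout', 'log' => 'starting server on :8000' }],
  # constructed: a 304 whose URL contains "200"; /200/ misroutes it to program_out
  ['docker.temp01', { 'source' => 'stderr', 'log' => '[I 160920 15:11:00 web:1971] 304 GET /item/2001 (192.168.126.1) 1.10ms' }],
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_EVENTS.each do |tag, record|
    puts "#{tag} -> #{route(tag, record).inspect}  (loose /200/)"
    puts "#{tag} -> #{route(tag, record, STATUS_200).inspect}  (anchored)"
  end
end
```

Run it with ruby and compare the two lines printed for the last sample event: the loose pattern files it under program_out, the anchored one under program_err. The same consideration applies to the real configuration, where regexp1 and exclude are plain regular expressions over the whole log field.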

Test container
Start the container

root@localhost:temp# docker run --name temp01 --log-driver=fluentd \
--log-opt tag="docker.{{.Name}}" --log-opt fluentd-async-connect=true \
-d -p 8000:8000 imekaku/simple-web python /work/simple.py
f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e

View the logs after they have been split:

# Path
lee@lee-PC:temp01$ pwd
/home/lee/fluentd-log/program_out/temp01

# Logs containing 200
lee@lee-PC:temp01$ cat temp.20160920.b53cea4572521e465 
2016-09-20T23:09:23+08:00       program_out.system_err.docker.temp01    {"container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr","log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 1.48ms"}
2016-09-20T23:09:23+08:00       program_out.system_err.docker.temp01    {"source":"stderr","log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 1.83ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01"}
2016-09-20T23:09:23+08:00       program_out.system_err.docker.temp01    {"log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 8.75ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"}
2016-09-20T23:09:23+08:00       program_out.system_err.docker.temp01    {"source":"stderr","log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 2.16ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01"}
2016-09-20T23:09:24+08:00       program_out.system_err.docker.temp01    {"container_name":"/temp01","source":"stderr","log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.60ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c"}
2016-09-20T23:09:24+08:00       program_out.system_err.docker.temp01    {"log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.32ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"}
2016-09-20T23:09:24+08:00       program_out.system_err.docker.temp01    {"log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.22ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"}
2016-09-20T23:09:24+08:00       program_out.system_err.docker.temp01    {"container_name":"/temp01","source":"stderr","log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.13ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c"}
2016-09-20T23:09:25+08:00       program_out.system_err.docker.temp01    {"log":"[I 160920 15:09:25 web:1971] 200 GET / (192.168.126.1) 2.33ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"}
2016-09-20T23:09:25+08:00       program_out.system_err.docker.temp01    {"source":"stderr","log":"[I 160920 15:09:25 web:1971] 200 GET / (192.168.126.1) 1.23ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01"}


# Path
lee@lee-PC:temp01$ pwd
/home/lee/fluentd-log/program_err/temp01

# Logs not containing 200
lee@lee-PC:temp01$ cat temp.20160920.b53cea4b1786de3aa 
2016-09-20T23:10:55+08:00       program_err.system_err.docker.temp01    {"container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr","log":"[I 160920 15:10:55 web:1971] 304 GET / (192.168.126.1) 1.33ms"}
2016-09-20T23:14:12+08:00       program_err.system_err.docker.temp01    {"log":"[I 160920 15:14:12 web:1971] 304 GET / (192.168.126.1) 2.82ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr"}
2016-09-20T23:14:12+08:00       program_err.system_err.docker.temp01    {"container_name":"/temp01","source":"stderr","log":"[I 160920 15:14:12 web:1971] 304 GET / (192.168.126.1) 1.43ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e"}
2016-09-20T23:14:12+08:00       program_err.system_err.docker.temp01    {"log":"[I 160920 15:14:12 web:1971] 304 GET / (192.168.126.1) 1.45ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr"}
2016-09-20T23:14:13+08:00       program_err.system_err.docker.temp01    {"log":"[I 160920 15:14:13 web:1971] 304 GET / (192.168.126.1) 2.39ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr"}
2016-09-20T23:14:13+08:00       program_err.system_err.docker.temp01    {"source":"stderr","log":"[I 160920 15:14:13 web:1971] 304 GET / (192.168.126.1) 1.40ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01"}
2016-09-20T23:14:13+08:00       program_err.system_err.docker.temp01    {"source":"stderr","log":"[I 160920 15:14:13 web:1971] 304 GET / (192.168.126.1) 1.46ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01"}

Reference links:
Discussion of matching log content with regexp: Question about the behavior of grep plugin.
fluentd copying events: copy Output Plugin
fluentd retag
fluent-plugin-grep: using grep inside match
grep Filter Plugin: using grep inside filter
Filtering and modifying tags
Gitbook Data Collection-Fluentd
Please credit when reposting: Imekaku-Blog » Using fluentd regular expressions to match log content and output it to different storage media

Original URL
http://www.imekaku.com/2016/09/20/fluentd-regexp-log-output-different-disk/

Document updated: 2020-09-29 14:21   Author: 月影鹏鹏