Fluentd 解析器插件模式与数据不匹配
Fluentd parser plugin pattern not matched with data
您好,我正在为 fluentD 编写自定义插件,我需要使用此插件从 syslog5424 格式解析一个字段,ruby 代码在您 运行 没有 fluentd 的情况下工作得很好但不是当它 运行 作为插件时
错误
#<Fluent::Plugin::Parser::ParserError: pattern not matched with data '[kubernetes@47450 app="api-mma" pod-template-hash="9849d88d6"
namespace_name="qa" object_name="api-mma-9849d88d6-59mzd"
container_name="api-mma"
vm_id="91cdf0e0-b1fb-45bc-8a3f-c85b027af505"]'>
自定义插件:
require 'fluent/plugin/parser'
require 'json'
module Fluent::Plugin
class TKGIMetadataParser < Parser
# Register this parser as 'tkgi_metadata'
Fluent::Plugin.register_parser('tkgi_metadata', self)
# `delimiter` is configurable with ' ' as default
config_param :delimiter, :string, default: ' '
def configure(conf)
super
if @delimiter.length != 1
raise ConfigError, "delimiter must be a single character. #{@delimiter} is not."
end
end
def parse(text)
left_braket_pos = text.index('['.freeze)
right_braket_pos = text.index(']'.freeze)
data = text.slice(left_braket_pos + 1, right_braket_pos - 1)
source, key_values = data.split(' ', 2)
record = {}
#key_values.gsub!(/[\"]/,'')
key_values.split(' ').each do |kv|
k, v = kv.split('=', 2)
record[k] = v
end
record.merge!(source: source)
yield record.to_json
end
end
end
fluentd.conf
<filter k8s>
@type parser
key_name syslog5424_sd
reserve_data true
reserve_time true
<parse>
@type tkgi_metadata
</parse>
</filter>
示例日志:
[kubernetes@47450 app="api-mma" pod-template-hash="9849d88d6" namespace_name="qa" object_name="api-mma-9849d88d6-59mzd" container_name="api-mma" vm_id="91cdf0e0-b1fb-45bc-8a3f-c85b027af505"]
您需要以散列形式产生时间和记录:
def parse(text)
# ...
yield convert_values(parse_time(record), record)
end
示例:https://github.com/fluent/fluentd/blob/master/lib/fluent/plugin/parser_ltsv.rb#L46-L47
我发现你需要传递两个参数两个 yield 才能完成这项工作,@Panic 回答中提到的内容挑衅地给了我一个先机,但我最终做了
def parse(text)
# ...
yield nil, record
end
您好,我正在为 fluentD 编写自定义插件,我需要使用此插件从 syslog5424 格式解析一个字段,ruby 代码在您 运行 没有 fluentd 的情况下工作得很好但不是当它 运行 作为插件时
错误
#<Fluent::Plugin::Parser::ParserError: pattern not matched with data '[kubernetes@47450 app="api-mma" pod-template-hash="9849d88d6" namespace_name="qa" object_name="api-mma-9849d88d6-59mzd" container_name="api-mma" vm_id="91cdf0e0-b1fb-45bc-8a3f-c85b027af505"]'>
自定义插件:
require 'fluent/plugin/parser'
require 'json'
module Fluent::Plugin
class TKGIMetadataParser < Parser
# Register this parser as 'tkgi_metadata'
Fluent::Plugin.register_parser('tkgi_metadata', self)
# `delimiter` is configurable with ' ' as default
config_param :delimiter, :string, default: ' '
def configure(conf)
super
if @delimiter.length != 1
raise ConfigError, "delimiter must be a single character. #{@delimiter} is not."
end
end
def parse(text)
left_braket_pos = text.index('['.freeze)
right_braket_pos = text.index(']'.freeze)
data = text.slice(left_braket_pos + 1, right_braket_pos - 1)
source, key_values = data.split(' ', 2)
record = {}
#key_values.gsub!(/[\"]/,'')
key_values.split(' ').each do |kv|
k, v = kv.split('=', 2)
record[k] = v
end
record.merge!(source: source)
yield record.to_json
end
end
end
fluentd.conf
<filter k8s>
@type parser
key_name syslog5424_sd
reserve_data true
reserve_time true
<parse>
@type tkgi_metadata
</parse>
</filter>
示例日志:
[kubernetes@47450 app="api-mma" pod-template-hash="9849d88d6" namespace_name="qa" object_name="api-mma-9849d88d6-59mzd" container_name="api-mma" vm_id="91cdf0e0-b1fb-45bc-8a3f-c85b027af505"]
您需要以散列形式产生时间和记录:
def parse(text)
# ...
yield convert_values(parse_time(record), record)
end
示例:https://github.com/fluent/fluentd/blob/master/lib/fluent/plugin/parser_ltsv.rb#L46-L47
我发现你需要传递两个参数两个 yield 才能完成这项工作,@Panic 回答中提到的内容挑衅地给了我一个先机,但我最终做了
def parse(text)
# ...
yield nil, record
end