我如何过滤 kubernetes 上的 fluentD 日志？

Question

我的 kubernetes 启用了 liveness，它登录应用程序，如下所示：

kubectl logs -n example-namespace example-app node-app
::ffff:127.0.0.1 - - [17/Sep/2020:14:12:19 +0000] "GET /docs HTTP/1.1" 301 175
::ffff:127.0.0.1 - - [17/Sep/2020:14:13:19 +0000] "GET /docs/ HTTP/1.1" 200 3104
::192.168.0.1    - - [17/Sep/2020:14:13:19 +0000] "GET /home-page HTTP/1.1" 200 3104
::ffff:127.0.0.1 - - [17/Sep/2020:14:13:19 +0000] "GET /docs HTTP/1.1" 301 175
::ffff:127.0.0.1 - - [17/Sep/2020:14:13:22 +0000] "GET /docs/ HTTP/1.1" 200 3104

我使用 fluentD 将日志发送到 ClowdWatch。我的 fluentD 配置：

https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/quickstart/cwagent-fluentd-quickstart.yaml

如何过滤，fluentD 只匹配

::192.168.0.1 - - [17/Sep/2020:14:13:19 +0000] "GET /home-page HTTP/1.1" 200 3104

并忽略

::ffff:127.0.0.1 - - [17/Sep/2020:14:13:19 +0000] "GET /docs HTTP/1.1" 301 175

谢谢！

Answer 1

经过一番研究，我找到了这个解决方案：

<match kubernetes.var.log.containers.**_kube-system_**>
  @type null
</match>

还有这个

  <filter **>
   @type grep
   exclude1 log docs
  </filter>

参考文献：

https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/issues/91

https://docs.fluentd.org/filter/grep

编辑

或添加：

      exclude_path ["/var/log/containers/cloudwatch-agent*", "/var/log/containers/fluentd*", "/var/log/containers/*istio*"]

此配置忽略模式为 istio.

的源文件

我如何过滤 kubernetes 上的 fluentD 日志？

How i filter fluentD logs on kubernetes?

logging

amazon-web-services

fluentd

kubernetes

efk