Reputation: 681
how to parse kubelet log with fluentd
The origal kubelet log is such like this:
I0605 09:03:41.463195 28799 setters.go:72] Using node IP: "10.127.7.174"
I can parse it in fluentd as:
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
However, kubespary deploy kubelet as following: 1. journald collects kubelet log; 2. I write a rsyslog file, so kubelet log can be stored in /var/log/kubelet.log. And the log changes to:
Jun 5 09:03:41 k8s-4 kubelet: I0605 09:03:41.463195 28799 setters.go:72] Using node IP: "10.127.7.174"
I wonder how to parse this.
Upvotes: 0
Views: 584
Answers (1)
Reputation: 5243
I've tried to parse your log example file and use the following regexp filter to achieve the result:
format /(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[^ :\[]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
This will split keys accordingly as per Fluentular output:
time 2019/06/06 08:19:35 +0000
host k8s-4
ident kubelet
message I0605 09:03:41.463195 28799 setters.go:72] Using node IP: "10.127.7.174"
In order to get more stuff to learn about Fluentd regexp just read documentation.
FYI. There is also opportunity to capture logs from systemd via fluent-plugin-systemd as well.
Upvotes: 2
Related Questions
- How do I get fluentd / elasticsearch to parse the "log" key_name as json from a kubernetes pod?
- fluent-bit cannot parse kubernetes logs
- Fluentd on Kubernetes - Parse Nginx Access Log in Json
- How to configure DaemonSet Fluentd to read from custom log file and console
- how to use fluentd to parse mutliple log of kubernetes pod output
- FluentD cannot parse the log file content
- Parse logs in fluentd
- Parsing in FluentD with Regexp
- Using Grok parser in Fluentd
- Parsing data with fluentd