我有这个流畅的设置:
docker-compose:
version: "3.7"
services:
fluentd:
image: fluentd:latest
volumes:
- ./fluentd.conf:/fluentd/etc/fluent.conf
ports:
- 24224:24224
fluentd.conf
<source>
@type forward
port 24224
bind 0.0.0.0
</source>
<match docker.**>
@type stdout
</match>
<filter docker.**>
@type parser
key_name log
<parse>
@type regexp
expression /^(?<host>[^ ]*) .*$/
</parse>
</filter>
我运行这个 apache 容器来测试 fluentd:
version: "3.7"
services:
httpd:
image: httpd:latest
logging:
driver: fluentd
options:
tag: docker.httpd.log
ports:
- 80:80
当我创建一个时curl localhost,我在 fluentd 选项卡中得到了这个日志:
fluentd_1 | 2019-06-18 13:31:20.000000000 +0000 docker.httpd.log: {"container_name":"/fluentd_httpd_1","source":"stdout","log":"172.22.0.1 - - [18/Jun/2019:13:31:20 +0000] \"GET / HTTP/1.1\" 200 45","container_id":"07dce5f130befb3a94bb193e76a1331844c08d5370f44fdcec81399a7e8ee7e3"}
我试图通过这个 apache 示例弄清楚如何使用正则表达式解析过滤器,但我无法设法在独立字段中获取消息的任何部分,例如host: 172.22.0.1
你知道我做错了什么吗?