我正在为我的本地集群测试 Fluent-bit,该集群具有 CRI 运行时接口,并且我正在将日志发送到 slack 通道。但问题是 Fluent-Bit 在日志中分配了一个“时间戳”,我无法删除它。也许有人知道解决方案?
这是我的 Fluent-Bit 的 ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-config
namespace: logging1
labels:
k8s-app: fluent-bit
data:
# Configuration files: server, input, filters and output
# ======================================================
fluent-bit.conf: |
[SERVICE]
Flush 2
Log_Level info
Daemon off
Parsers_File parsers.conf
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020
@INCLUDE input-kubernetes.conf
@INCLUDE filter-kubernetes.conf
@INCLUDE output-syslog.conf
input-kubernetes.conf: |
[INPUT]
Name tail
Tag kube.*
Path /var/log/containers/*
Parser cri
DB /var/log/flb_kube.db
Mem_Buf_Limit 5MB
Skip_Long_Lines On
filter-kubernetes.conf: |
output-syslog.conf: |
[OUTPUT]
Name slack
Match *
webhook [LINK]
parsers.conf: |
[PARSER]
Name cc
Format regex
Format cri
Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
这也是来自我的应用程序的原始日志:
2023-04-12T16:09:02.016483996Z stderr F 10.244.0.1 - - [12/4/2023 16:09:02]“GET / HTTP/1.1”200 -
这是发送到 Slack 的日志:
[“时间戳”:1681315742.016981904,{“日志”=>“2023-04-12T16:09:02.016483996Z stderr F 10.244.0.1 - - [12/4/2023 16:09:02]“GET / HTTP/1.1” 200-“}]
答案1
您也许可以使用record_transformer 过滤器使用remove_keys删除时间戳键
<filter foo.bar>
@type record_transformer
remove_keys timestamp
</filter>