Stackdriver Logging 无法识别 JSON 日志中的时间字段

tag-icon tag-icon google-kubernetes-engine google-stackdriver
Stackdriver Logging 无法识别 JSON 日志中的时间字段

我正在将 Google Kubernetes Engine (GKE) 与 Stackdriver Logging 结合使用。

Stackdriver 的文档说日志代理使用一些特殊字段来设置 LogEntry 对象中的字段。

至于severity字段,它工作正常。但是,time字段没有按预期工作。

以下 JSON 是 MySQL 错误日志,已被修改并重定向到 stdout:

(为清晰起见,已美化并添加注释)

{
  "prio": 0,
  "err_code": 11323,
  "component": "mysqlx",
  "source_line": 154,
  "source_file": "socket_acceptors_task.cc",
  "function": "show_startup_log",
  "msg": "X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060",
  "err_symbol": "ER_XPLUGIN_LISTENER_STATUS_MSG",
  "SQL_state": "HY000",
  "subsystem": "Server",
  "label": "System",

  // Added for Stackdriver Logging
  "severity": "INFO",
  "time": "1548054692.636",

  // This is the same time written in human-readable format.
  "time.readable": "2019-01-21T07:11:32.636761Z"
}

以下是 Stackdriver Logging 记录的相应日志:

(为清晰起见,已美化并添加注释)

{
  "insertId": "1jibhqgfw4kum0",
  "jsonPayload": {
    // Both `severity` and `time` fields were removed.

    "msg": "X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060",
    "label": "System",
    "prio": 0,
    "err_code": 11323,
    "time.readable": "2019-01-21T07:11:32.636761Z",
    "subsystem": "Server",
    "source_file": "socket_acceptors_task.cc",
    "err_symbol": "ER_XPLUGIN_LISTENER_STATUS_MSG",
    "function": "show_startup_log",
    "SQL_state": "HY000",
    "source_line": 154,
    "component": "mysqlx"
  },
  "resource": {
    "type": "container",
    "labels": {
      "namespace_id": "myproject",
      "instance_id": "506697609301173766",
      "zone": "asia-east1-b",
      "pod_id": "demo-demoid1234567890-sns7g",
      "project_id": "harai-development",
      "cluster_name": "myproject",
      "container_name": "mysql-errorlog-output"
    }
  },

  // `timestamp` doesn't reflect the value in the original log,
  // which is "2019-01-21T07:11:32.636761Z".
  "timestamp": "2019-01-21T07:11:44Z",

  // `severity` reflects the value in the original log
  "severity": "INFO",

  "labels": {
    "compute.googleapis.com/resource_name": "fluentd-gcp-v3.1.0-pwc9k",
    "container.googleapis.com/pod_name": "demo-demoid1234567890-sns7g",
    "container.googleapis.com/stream": "stdout",
    "container.googleapis.com/namespace_name": "myproject"
  },
  "logName": "projects/harai-development/logs/mysql-errorlog-output",
  "receiveTimestamp": "2019-01-21T07:11:49.560205566Z"
}

虽然timeseverity字段都被删除了,但是timestampLogEntry 中的字段并不反映原始time字段中指定的时间。

如何设置timestamp日志创建时间?

答案1

在GKE集群的Fluentd配置中,时间格式定义如下:

time_format %Y-%m-%dT%H:%M:%S.%NZ

time因此,将该字段设置为 ,它将按预期工作"2019-01-21T07:11:32.636761000Z"

参考:https://issuetracker.google.com/issues/123303610

相关内容