K
Q

How to parse embedded json on part of the log in fluentd (kubernetes)?

5/22/2017

I'm new to fluentd. I'm running some php symfony apps in kubernetes and I would like fluentd to parse specific messages including json subfields.

A docker log looks like in the file:

{"log":"[22-May-2017 09:46:13] WARNING: [pool www] child 18 said into stdout: \"[2017-05-22 09:46:13] app.ERROR: example message log {\"hello\":\"world\",\"test1\":\"value1\"} []\"\n","stream":"stderr","time":"2017-05-22T08:46:13.961351028Z"}

Is it possible for just this type of message to be parsed and the json fields be extracted?

Thanks.

-- Murenasky77
fluentd
kubernetes
monolog

Similar Questions

kubernetes /var/logs/ keeps growing unbounded
After installing kubernetes add-on heapster take login time to load dashboard pod & node status page
kubernetes ingress control CrashLoopBackOff - no service with name kube-system/default-http-backend found
load test kubernetes proxy and improve scalability

1 Answer

6/13/2017

There comes built-in json parser and you could specify your keys whose value needs to be extracted. FYI, I see you could use the default time_key for the timestamp in the docker log you specified.

You can get an overview here http://docs.fluentd.org/v0.12/articles/parser-plugin-overview. Jump onto son section directly.

-- Mayur Nagekar
Source: StackOverflow