K
Q

Using fluentd, I want to output only one key data from json data

10/29/2019

I want to output the kubernetes log to a file. but, I could only output it as json data. I want to output only "message" part to file.

How do I choose "message" to print? Which filter should I choose?

<match output_tag>
  @type rewrite_tag_filter
  <rule>
    key $['kubernetes']['labels']['app']
    pattern ^(.+)$
    tag app.$1
  </rule>
</match>
<match app.tom1>
  @type file
  path /logs/tom1
</match>



Execute result:--->

2019-10-30T00:46:05+09:00   app.tom1    {
..
  "message": "2019-10-29 15:46:05,253 DEBUG [org.springframework.web.servlet.DispatcherServlet] Successfully completed request",
  "kubernetes": {
    "labels": {
      "app": "tom1",
..
}


Desired result: --->
2019-10-29 15:46:05,253 DEBUG [org.springframework.web.servlet.DispatcherServlet] Successfully completed request

Thank!

-- user3886878
efk
fluentd
kubernetes

Similar Questions

Does Istio on GKE creates different service account for each service for mutual TLS
kubernetes api servers showing down in prometheus (kube-state-metrics) --"forbidden: User \"system:anonymous\" cannot get path \"/metrics\"",
Where is the root list of CRDs that `operator-courier verify` wants me to update?
add alertmanager to istio prometheus

1 Answer

10/29/2019

Try the single_value <formater> plugin: https://docs.fluentd.org/formatter/single_value

<match app.tom1>
  @type file
  path /logs/tom1
  <format>
    @type single_value
    message_key message
  </format>
</match>
-- Markus
Source: StackOverflow