kubernetes - 流利的位解析器不工作。字段未被解析/过滤

问题描述

需要帮忙。我将日志从 fluent-bit 发送到 grafana/loki，但 fluent-bit 无法正确解析日志。我使用 Helm 图表

  fluent-bit.conf: |-
[SERVICE]
    HTTP_Server    On
    HTTP_Listen    0.0.0.0
    HTTP_PORT      2020
    Flush          1
    Daemon         Off
    Log_Level      warn
    Parsers_File   parsers.conf
[INPUT]
    Name           tail
    Tag            kube.*
    Path           /var/log/containers/*.log
    Parser         cri
    DB             /run/fluent-bit/flb_kube.db
    Mem_Buf_Limit  5MB
[FILTER]
    Name           kubernetes
    Match          kube.*
    Kube_URL       https://kubernetes.default.svc:443
    Merge_Log On
    K8S-Logging.Exclude On
    K8S-Logging.Parser On
[Output]
    Name grafana-loki
    Match *
    Url http://1.2.3.4:13100/loki/api/v1/push
    TenantID ""
    BatchWait 1
    BatchSize 1048576
    Labels {job="fluent-bit",env="dev"}
    RemoveKeys kubernetes,stream
    AutoKubernetesLabels false
    LabelMapPath /fluent-bit/etc/labelmap.json
    LineFormat json
    LogLevel warn
  parsers.conf: |-
[PARSER]
    Name        cri
    Format      regex
    Regex       ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$
    Time_Key    time
    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
[PARSER]
    Format regex
    Name nginx
    Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")
    Time_Format %Y-%m-%d %H:%M:%S.%L
    Time_Keep true
    Time_Key apptime

日志示例

10.220.18.16 - - [02/Aug/2021:06:38:38 +0100] "GET /health HTTP/1.1" 200 4991 "-" "kube-probe/1.20" "-"

也许 loki 配置有问题？

标签： kubernetesfluent-bitgrafana-loki