问题描述
我正试图将原木从Fluentd推向伐木工人。 似乎Fluentd(或某些配置)正在整理/破坏日志行,然后再发送给Lumberjack。
以下是我以JSON格式发送的日志行。
{"storage":"storage89","content":"{\"FeedType\":\"MainRef\",\"mainChannel\":\"0.1\",\"FeedTypeVersion\":\"2.0\",\"source\":\"IdentityControlPlane\",\"FeedId\":\"d0e76761-6c20-4aa9-b290-9ee916d410fd\",\"FeedTime\":\"2020-11-02T20:40:17.186Z\",\"contentType\":\"application/json\",\"data\":{\"FeedGroupingId\":\"0000NMAg2euFw0L6yRbe6G1Vc6dA00003w\",\"FeedName\":\"UpdateFeature\",\"delta\":\"storage89\",\"resourceName\":\"func.main1\",\"identity\":{\"principalName\":\"funcadmin\",\"callerName\":\"funcadmin\",\"groupId\":\"group2\"},\"request\":{\"id\":\"0000NMAg2euFw0L6yRbe6G1Vc6dA00003w\",\"path\":\"Supply/main/Features\",\"action\":\"PATCH\"},\"response\":{\"status\":\"200\",\"responseTime\":\"2020-11-02T20:40:17.186Z\",\"message\":\"func.main1 UpdateFeature succeeded with response null\"},\"stateChange\":{\"current\":{\"adminValuesRemoved\":{\"funcLastModifiedBy\":{\"value\":\"UnAuthenticated\"},\"Meta\":{\"created\":\"2020-10-20T04:51:50Z\",\"lastModified\":\"2020-10-20T04:51:50Z\"},\"name\":\"func.main1\",\"description\":\"Support for provider\",\"funcCreatedBy\":{\"value\":\"UnAuthenticated\"},\"state\":\"disabledForAllTenantsUnlessExplicityEnabled\",\"id\":\"func.main1\"},\"adminValuesAdded\":{\"funcLastModifiedBy\":{\"value\":\"UnAuthenticated\"},\"description\":\"Support Actions\",\"state\":\"enabledAll\",\"id\":\"func.main1\"}}},\"additionalDetails\":{\"hostName\":\"adminHost\",\"actorType\":\"App\",\"hostIp\":\"172.19.0.10\",\"quotaCount\":\"0\",\"actorName\":\"funcadmin\",\"rId\":\"0\",\"serviceName\":\"Admin\",\"ssoAuthnLevel\":\"0\",\"adminResourceId\":\"func.main1\",\"lastReplicatedTime\":\"2020-11-02T20:40:29.278Z\",\"checksum\":\"e1BCS0RGMi1ITUFDLVNIQTI1Nn0xJGRSSG0yQmdzOXVxeFVINWZpMGN0dHJFaDhPUDdWWVdhS3grWkJjWUdCb1I2dytmaUhsTFMyN25XMCtIaVA2Z1hBTkRLNEJoYkR4QjQvMmlFYlFNNW5RPT0=\",\"meterasOPCService\":\"false\",\"adminResourceType\":\"Feature\"},\"internalDetails\":{}}}"}
我要注意的是,如果我注意到Lumberjack收到的日志行,则在Lumberjack返回的错误消息中,日志消息末尾的"}部分丢失了,在日志通过Fluentd推送到Lumberjack之前。
肯定看起来像Fluentd的某些问题或其配置。
下面是我的Fluentd配置。
fluentd.filter.standard.conf: |
<filter standard>
@type parser
format json
<parse>
@type json
time_key time
time_format %iso8601
</parse>
reserve_data true
key_name message
remove_key_name_field true
</filter>
<filter standard>
@type record_transformer
<record>
lumberjack_resource "standard"
lumberjack_log_group "standard"
</record>
</filter>
fluentd.in.standard.conf: |
<source>
@type tail
path "/app/data/app2/*.standard"
pos_file "/app/data/messaging.standard.fluentd.pos"
tag standard
read_from_head true
<parse>
@type none
</parse>
</source>
fluentd.out.standard.conf: |
<match standard>
@type copy
<store ignore_error>
@type lumberjack
@id out_lumberjack_standard
@log_level info
namespace "app"
flatten false
<buffer>
@type memory
chunk_limit_size 4M
flush_thread_count 4
retry_max_interval 30
retry_max_times 10
</buffer>
</store>
</match>
我在这里可以找到什么? 我认为以下几行可能会在将日志消息传输到Lumberjack之前弄乱日志消息。
key_name message
remove_key_name_field true
但是我找不到任何结论性的东西。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)