我已阅读此 stackoverflow post。
我遇到了与OP相同的问题,因为我的ECS容器服务中的一些日志由于其大小超过256 kb而被丢弃。 我想知道是否有人可以帮助理解如何使用 MathiasCodes 的以下日志,以便我可以对其进行调整
fluent-bit.conf: |
[SERVICE]
Daemon Off
Flush 2
Grace 5
Log_Level warn
Parsers_File parsers.conf
HTTP_Server ${HTTP_SERVER}
HTTP_Listen 0.0.0.0
HTTP_Port ${HTTP_PORT}
storage.path /var/fluent-bit/state/flb-storage/
storage.sync normal
storage.checksum off
storage.max_chunks_up 128
storage.backlog.mem_limit 5M
scheduler.cap 30
@INCLUDE application-log.conf
@INCLUDE dataplane-log.conf
@INCLUDE host-log.conf
get-size.lua: |
function cb_print(tag, timestamp, record)
if record["log"] ~= nil then
log_size = string.len(record["log"])
record["log_size"] = log_size
-- Print out all logs that are bigger than 255000 bytes
if log_size > 255000 then
print(record["log"])
end
end
return 1, timestamp, record
end
application-log.conf: |
[INPUT]
Name tail
Tag application.*
Exclude_Path /var/log/containers/cloudwatch-agent*, /var/log/containers/fluent-bit*, /var/log/containers/aws-node*
Path /var/log/containers/*.log
multiline.parser java, docker, cri
DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 50MB
Skip_Long_Lines Off
Refresh_Interval 5
Rotate_Wait 30
storage.type filesystem
Read_from_Head ${READ_FROM_HEAD}
[INPUT]
Name tail
Tag application.*
Path /var/log/containers/cloudwatch-agent*
multiline.parser docker, cri
DB /var/fluent-bit/state/flb_cwagent.db
Mem_Buf_Limit 5MB
Skip_Long_Lines Off
Refresh_Interval 30
Read_from_Head ${READ_FROM_HEAD}
[FILTER]
Name lua
Match *
script get-size.lua
call cb_print
[FILTER]
Name kubernetes
Match application.*
Kube_URL https://kubernetes.default.svc:443
Kube_Tag_Prefix application.var.log.containers.
Merge_Log On
Merge_Log_Key log_processed
K8S-Logging.Parser On
K8S-Logging.Exclude Off
Labels On
Annotations Off
[OUTPUT]
Name cloudwatch_logs
Match application.*
region ${AWS_REGION}
log_group_name /aws/containerinsights/${CLUSTER_NAME}/application
log_stream_name $(kubernetes['container_name'])-$(kubernetes['pod_name'])
log_stream_template $kubernetes['container_name'].$kubernetes['pod_name']
auto_create_group On
Retry_Limit False
问题1: '|' 是什么意思符号在第 1 行做什么?
问题2: 我应该在哪里插入这个函数调用? 在输入和输出之间?
我尝试运行该脚本,但没有成功。
符号“|”在yaml中标记它是多行内容
正确地将其插入输入和输出之间。这只是另一个过滤器
[INPUT]
Name tail
...
[FILTER]
Name lua
Match *
script get-size.lua
call cb_print
[OUTPUT]
Name cloudwatch_logs
...
这就是我的脚本的实际样子。
get-size.lua: |
function cb_print(tag, timestamp, record)
if record["message"] ~= nil then
log_size = string.len(record["message"])
record["log_size"] = log_size
if log_size > 255000 then
-- Print only the first 500 bytes of the message
print(string.sub(record["message"], 1, 500))
end
end
return 1, timestamp, record
end
记录本身返回一个表。输出例如
table: 0x7fac475d22f3所以不能直接读取。这就是为什么我通过
record["message"]