Filebeat8.4通过js处理Docker日志
环境:
Elasticsearch 8.4.0
Kibana 8.4.0
Filebeat 8.4.0
js日志处理文件:
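/**
 * Decode a JSON string into a plain object whose keys contain no dots.
 *
 * Every "." in a key is replaced with "_", so "a.b" and "a_b" map to the same
 * output key and the later one wins. String values that start with "{" are
 * decoded recursively; if such a value is not valid JSON (for example
 * "{user} logged in") the raw string is kept instead of aborting the parse.
 *
 * The input is log content written by the container, so it is treated as
 * untrusted: only own properties are copied, and a key that ends up as
 * "__proto__" is skipped so it cannot replace the result object's prototype.
 *
 * @param {string} inputString - JSON text; "" and undefined yield {}.
 * @returns {Object} Decoded object with dot-free keys.
 * @throws {SyntaxError} If inputString itself is not valid JSON.
 */
function parseJson(inputString) {
  var out = {};
  if (inputString === "" || inputString === undefined) {
    return out;
  }

  var json_data = JSON.parse(inputString);
  for (var key in json_data) {
    if (!Object.prototype.hasOwnProperty.call(json_data, key)) {
      continue;
    }

    var _key = key.replace(/\./g, "_");
    if (_key === "__proto__") {
      // Assigning out["__proto__"] would swap the prototype, not add a field.
      continue;
    }

    var value = json_data[key];
    out[_key] = value;

    if (typeof value === "string" && value[0] === "{") {
      try {
        out[_key] = parseJson(value);
      } catch (err) {
        // Looks like JSON but is not: keep the raw string assigned above.
      }
    }
  }
  return out;
}

/**
 * Filebeat script-processor entry point: decode a JSON "message" into
 * "message_json".
 *
 * "message_json.is_json" is true only when the message is a string starting
 * with "{" that parses successfully. A missing, non-string or malformed
 * message produces {is_json: false} instead of raising inside the processor.
 * Field names under "message_json" are chosen by the log producer.
 * NOTE(review): confirm the target index tolerates arbitrary field names
 * (mapping growth) before shipping logs from containers you do not control.
 *
 * @param {Object} event - Filebeat event; only Get and Put are used.
 */
function process(event) {
  var raw = event.Get('message');
  var json_data = {is_json: false};

  if (typeof raw === "string" && raw[0] === "{") {
    try {
      json_data = parseJson(raw);
      json_data["is_json"] = true;
    } catch (err) {
      // Malformed JSON: discard any partial result and record the failure.
      json_data = {is_json: false};
    }
  }

  event.Put('message_json', json_data);
}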
filebeat配置文件:
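# Filebeat configuration: read Docker container logs, run them through the
# JavaScript processor, and ship them to Elasticsearch over HTTPS.
filebeat.inputs:
- type: container
  enabled: true
  paths:
    - /data/docker/containers/*/*.log
  # The tag is what the script processor's condition below matches on.
  tags: ["docker"]
  ignore_older: 1h

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 1

setup.kibana:

output.elasticsearch:
  hosts: ["localhost:9200"]
  protocol: "https"
  # 'elastic' is the built-in superuser. For anything beyond a local test,
  # use a dedicated account (or API key) limited to the privileges Filebeat
  # needs for publishing.
  username: 'elastic'
  # Resolved from the Filebeat keystore so the secret is not stored in this
  # file. ES_PWD is a placeholder key name; create it with:
  #   filebeat keystore add ES_PWD
  password: "${ES_PWD}"
  ssl:
    enabled: true
    # SHA-256 fingerprint of the cluster's CA certificate. This value belongs
    # to the author's cluster; replace it with your own.
    ca_trusted_fingerprint: 'b248bc2ba68e2d6de854976a55e0881d3899ea1adb3b5c448bbe52b6f896deaf'

processors:
  - script:
      # Only events tagged "docker" are passed to the script.
      when.contains:
        tags: "docker"
      lang: javascript
      file: ${path.config}/handle_docker_log.js
      # NOTE(review): no unit is given; confirm how this Filebeat version
      # interprets a bare number, or write the unit explicitly.
      timeout: 10

logging.level: warning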