regex for nginx ingress on kubernetes


shane lee

Nov 9, 2017, 9:47:37 PM
to Fluentd Google Group
Hi,

I am using nginx ingress on kubernetes. I have deployed fluentd daemonset using coreos example:



For nginx parser, it does not work as they have defined their own log format:


Example is here:
http://fluentular.herokuapp.com/parse?regexp=%5E%28%3F%3Cremote%3E%5B%5E+%5D*%29+%28%3F%3Chost%3E%5B%5E+%5D*%29+%28%3F%3Cuser%3E%5B%5E+%5D*%29+%5C%5B%28%3F%3Ctime%3E%5B%5E%5C%5D%5D*%29%5C%5D+%22%28%3F%3Cmethod%3E%5CS%2B%29%28%3F%3A+%2B%28%3F%3Cpath%3E%5B%5E%5C%22%5D*%29+%2B%5CS*%29%3F%22+%28%3F%3Ccode%3E%5B%5E+%5D*%29+%28%3F%3Csize%3E%5B%5E+%5D*%29%28%3F%3A+%22%28%3F%3Creferer%3E%5B%5E%5C%22%5D*%29%22+%22%28%3F%3Cagent%3E%5B%5E%5C%22%5D*%29%22%29%3F%24&input=192.168.196.97+-+%5B192.168.196.97%5D+-+redflex+%5B10%2FNov%2F2017%3A00%3A12%3A42+%2B0000%5D+%22GET+%2Fapi%2Fv1%2Flogin%2Fstatus+HTTP%2F1.1%22+200+92+%22https%3A%2F%2Fdashboard.rts.onl%2F%22+%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F61.0.3163.100+Safari%2F537.36%22+550+0.002+%5Bkube-system-kubernetes-dashboard-80%5D+100.112.15.1%3A9090+92+0.002+200&time_format=time_format+%25d%2F%25b%2F%25Y%3A%25H%3A%25M%3A%25S+%25z

What I would like is to add in an extra filter to parse the nginx logs, similar to the one below. Has anyone already defined the regex for this?

<filter kube.ingress-nginx.nginx-ingress-controller>
  @type parser
  # Fluentd provides a few built-in formats for popular and common formats such as "apache" and "json".
  format nginx
  key_name log
  # Retain the original "log" field after parsing out the data.
  reserve_data true

  # The access logs and error logs are interleaved with each other and have
  # different formats, so ignore parse errors, as they're expected
  suppress_parse_error_log true
</filter>


shane lee

Nov 9, 2017, 10:52:33 PM
to Fluentd Google Group
Message has been deleted

shane lee

Nov 9, 2017, 11:43:58 PM
to Fluentd Google Group
Added in filter but still not working:

<filter kube.ingress-nginx.nginx-ingress-controller>
  @type parser
  # Fluentd provides a few built-in formats for popular and common formats such as "apache" and "json".
  format /(?<remote_addr>[^ ]*) - \[(?<proxy_protocol_addr>[^ ]*)\] - (?<remote_user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<request>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (?<upstream_addr>[^ ]*) (?<upstream_response_length>[^ ]*) (?<upstream_response_time>[^ ]*) (?<upstream_status>[^ ]*)/

  key_name log
  # Retain the original "log" field after parsing out the data.
  reserve_data true

  # The access logs and error logs are interleaved with each other and have
  # different formats, so ignore parse errors, as they're expected
  suppress_parse_error_log true
</filter>

<match kube.ingress-nginx.nginx-ingress-controller>
  type stdout
</match>
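
Fluentd's regexp parser uses Ruby regular expressions, so the regex from the filter above can be checked outside Fluentd. The following is an added example, not part of the thread: it runs that regex and the time_format from the Fluentular link against the sample line in that link. The function name and the error-log line are constructed for illustration.

```ruby
require "time"

# Regex copied from the filter in the last post (Ruby named-group syntax).
INGRESS_RE = /(?<remote_addr>[^ ]*) - \[(?<proxy_protocol_addr>[^ ]*)\] - (?<remote_user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<request>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (?<upstream_addr>[^ ]*) (?<upstream_response_length>[^ ]*) (?<upstream_response_time>[^ ]*) (?<upstream_status>[^ ]*)/

# time_format taken from the Fluentular URL in the first post.
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Access-log line decoded from the Fluentular URL in the first post.
ACCESS_LINE = '192.168.196.97 - [192.168.196.97] - redflex [10/Nov/2017:00:12:42 +0000] "GET /api/v1/login/status HTTP/1.1" 200 92 "https://dashboard.rts.onl/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" 550 0.002 [kube-system-kubernetes-dashboard-80] 100.112.15.1:9090 92 0.002 200'

# Constructed error-log style line (not from the thread) for the non-matching case.
ERROR_LINE = '2017/11/10 00:12:43 [error] 42#42: *1 constructed sample upstream timeout'

# Hypothetical helper: returns a Hash of named captures, or nil when the
# line is not an access-log entry (e.g. interleaved error-log lines).
def parse_ingress_line(line)
  m = INGRESS_RE.match(line)
  return nil unless m

  record = m.named_captures
  # Raises ArgumentError if the captured timestamp does not fit TIME_FORMAT.
  record["time"] = Time.strptime(record["time"], TIME_FORMAT).utc
  # nginx writes "-" for missing values, so convert only purely numeric fields.
  %w[code size request_length upstream_status].each do |key|
    record[key] = record[key].to_i if record[key] =~ /\A\d+\z/
  end
  record
end

if __FILE__ == $PROGRAM_NAME
  [ACCESS_LINE, ERROR_LINE].each do |line|
    rec = parse_ingress_line(line)
    puts(rec ? rec.inspect : "no match: #{line}")
  end
end
```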