Parsing nginx logs inside of docker logs


Riley Eynon-Lynch

Nov 5, 2016, 8:37:40 AM
to Fluentd Google Group
Hello!

I'm running nginx in a docker container on kubernetes, and my log lines look like this:

{"log":"10.72.0.1 - - [05/Nov/2016:02:05:38 +0000] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2906.0 Safari/537.36\" \"-\"\n","stream":"stdout","tag":"kubernetes.var.log.containers.my-nginx-379829228-ouolf_default_my-nginx-409eb594dc73fe7a8fd95e102d83fe7ccb5e42c6c7c99f7000516f773939ec3a.log","@timestamp":"2016-11-05T02:05:38+00:00"}

I currently have fluentd running in the default setup and it is doing a good job of pulling out the different keys in this json, but the actual nginx log all comes out as a single string. I would like to parse the "log" value, which is from nginx, so that elasticsearch can e.g. bucket on response status or URI.

Is this recommendable? Do I need a mixture of plugins for something like this? I am completely new to fluentd and I'm not sure where to look for advice on this. Thanks for any help!

Riley

Mr. Fiber

Nov 5, 2016, 8:39:55 AM
to Fluentd Google Group
Hi,

See Additional Step 1 in the following official article:



Masahiro
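
The two-stage parse asked about in this thread, as an added Python example that is not code from the thread or from Fluentd: decode the Docker JSON record first, then parse the "log" value as an nginx access line so status and URI become separate fields. The sample record is constructed to match the one in the question; the field names and the reading of the last quoted field as X-Forwarded-For are assumptions.

```python
import json
import re

# nginx "combined" format plus one trailing quoted field, as in the question's
# line (assumed to be $http_x_forwarded_for). nginx logs a literal double
# quote inside a variable as \x22, so [^"]* is enough for quoted fields.
NGINX_RE = re.compile(
    r'(?P<remote>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
    r'(?: "(?P<forwarded_for>[^"]*)")?\s*$'
)

# Constructed sample, shaped like the record in the question (agent shortened).
SAMPLE = (r'{"log":"10.72.0.1 - - [05/Nov/2016:02:05:38 +0000] '
          r'\"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0\" \"-\"\n",'
          r'"stream":"stdout"}')


def parse_docker_nginx(line):
    """Decode one Docker JSON log record and parse its "log" value.

    Returns the outer record with the nginx fields merged in. The raw "log"
    string is kept, and a line that does not match gets parse_error=True
    instead of being dropped.
    """
    record = json.loads(line)
    m = NGINX_RE.match(record.get("log", ""))
    if m is None:
        record["parse_error"] = True
        return record
    fields = m.groupdict()
    # A well-formed request line is "METHOD PATH PROTOCOL"; anything else
    # (for example raw TLS bytes sent to a plain-HTTP port) keeps only the
    # raw request string.
    parts = fields["request"].split(" ")
    ok = len(parts) == 3
    fields["method"], fields["path"], fields["protocol"] = parts if ok else (None,) * 3
    fields["status"] = int(fields["status"])
    fields["size"] = 0 if fields["size"] == "-" else int(fields["size"])
    record.update(fields)
    return record


if __name__ == "__main__":
    print(json.dumps(parse_docker_nginx(SAMPLE), indent=2))
```

Keeping the raw string and flagging unparsed lines matters for later investigation: malformed requests are often the ones worth looking at.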

