How to parse JSON from Docker
3,126 views
Skip to first unread message
Tom Wu
Jan 28, 2016, 3:12:01 PM1/28/16
to Fluentd Google Group
Enter code here...
Hi all,
Hi all,
I know that you can use parse or flatten hash plugin to parse a while JSON message, how about this format from log driver fluentd?
2016-01-28 20:04:23 +0000 docker.4643317973d5: {"container_id":"4643317973d56010ecb5990680a40e59be523f04a456686fa565430574e03245","container_name":"/clever_wilson","source":"stdout","log":"{\"key\":\"value\"}","@log_name":"docker.4643317973d5"}
Elasticsearch plugin output looks like, the log field is being treated as string, what I want is to have key being indexed from log body.
{
"_index": "logstash-2016.01.28",
"_type": "fluentd",
"_id": "AVKJ2JABH3dkBxm_sj8h",
"_score": null,
"_source": {
"container_name": "/suspicious_mccarthy",
"source": "stdout",
"log": "\"test\":{\"key\":\"value\"}",
"container_id": "f4a85be832aef70ae4f06258ab7394683a93fdfab704556c68cc976df09d531e",
"@log_name": "docker.f4a85be832ae",
"@timestamp": "2016-01-28T20:06:46+00:00"
},
"fields": {
"@timestamp": [
1454011606000
]
},
"sort": [
1454011606000
]
}
Tom Wu
Jan 28, 2016, 4:35:54 PM1/28/16
to Fluentd Google Group
I think it's more problem of docker where it's log output escaping all double quotes, making it as string
{"log":"{\"key\":\"value\"}\n","stream":"stdout","time":"2016-01-28T21:33:00.642966184Z"}
What's best practice parsing JSON out of Docker json log? Should it be fixed at the source? or replace \" with " in fluentd filter or parser?
Mr. Fiber
Jan 28, 2016, 6:23:11 PM1/28/16
to Fluentd Google Group
--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Tom Wu
Jan 29, 2016, 6:41:07 AM1/29/16
to Fluentd Google Group
This is a working solution, https://github.com/docker/docker/issues/17830
Jakub Veverka
Jul 13, 2016, 2:53:15 PM7/13/16
to Fluentd Google Group
This was one of the top links when I was looking for solution to this problem.
There is fine solution to solve Docker weird log format in fluentd docs - http://www.fluentd.org/guides/recipes/docker-logging
There is fine solution to solve Docker weird log format in fluentd docs - http://www.fluentd.org/guides/recipes/docker-logging
Reply all
Reply to author
Forward
0 new messages