Copy "0" : "emergency"
"1" : "alert"
"2" : "critical"
"3" : "error"
"4" : "warning"
"5" : "notice"
"6" : "informational"
"7" : "debug"
Copy enable : true
inputs :
- Type : service_journal
JournalPaths :
- "/var/log/journal"
flushers :
- Type : flusher_stdout
OnlyStdout : true
Copy {
"PRIORITY" : "6" ,
"_GID" : "0" ,
"_TRANSPORT" : "syslog" ,
"_SYSTEMD_OWNER_UID" : "0" ,
"_BOOT_ID" : "bab**************54b" ,
"_PID" : "21848" ,
"_MACHINE_ID" : "************************" ,
"_CAP_EFFECTIVE" : "3fffffffff" ,
"_COMM" : "crond" ,
"_HOSTNAME" : "iZj*****************1hZ" ,
"_SYSTEMD_SLICE" : "user-0.slice" ,
"MESSAGE" : "(root) CMD (/usr/lib64/sa/sa1 1 1)" ,
"_CMDLINE" : "/usr/sbin/CROND -n" ,
"SYSLOG_FACILITY" : "9" ,
"SYSLOG_IDENTIFIER" : "CROND" ,
"_AUDIT_LOGINUID" : "0" ,
"_SYSTEMD_SESSION" : "3319" ,
"_UID" : "0" ,
"_EXE" : "/usr/sbin/crond" ,
"SYSLOG_PID" : "21848" ,
"_AUDIT_SESSION" : "3319" ,
"_SYSTEMD_CGROUP" : "/user.slice/user-0.slice/session-3319.scope" ,
"_SYSTEMD_UNIT" : "session-3319.scope" ,
"_SOURCE_REALTIME_TIMESTAMP" : "1658823001526225" ,
"_realtime_timestamp_" : "1658823001526482" ,
"_monotonic_timestamp_" : "1637927744052" ,
"__time__" : "1658823031"
}
Kubernetes场景下,使用Logtail的DaemonSet模式采集宿主机的系统日志,由于日志中有很多并不重要的字段,使用处理插件只挑选较为重要的日志字段。
Copy enable : true
inputs :
- Type : service_journal
ParsePriority : true
ParseSyslogFacility : true
JournalPaths :
- "/logtail_host/var/log/journal"
processors :
- Type : processor_filter_regex
Exclude :
UNIT : "^libcontainer.*test"
- Type : processor_pick_key
Include :
- MESSAGE
- PRIORITY
- _EXE
- _PID
- _SYSTEMD_UNIT
- _realtime_timestamp_
- _HOSTNAME
- UNIT
- SYSLOG_FACILITY
- SYSLOG_IDENTIFIER
flushers :
- Type : flusher_stdout
OnlyStdout : true
Copy {
"MESSAGE" : "ejected connection from \"192.168.0.251:48914\" (error \"EOF\", ServerName "")" ,
"PRIORITY" : "informational" ,
"SYSLOG_IDENTIFIER" : "etcd" ,
"_EXE" : "/opt/etcd-v3.3.8/etcd" ,
"_HOSTNAME" : "iZb*****************ueZ" ,
"_PID" : "10590" ,
"_SYSTEMD_UNIT" : "etcd.service" ,
"__source__" : "***.***.***.***" ,
"__tag__:__hostname__" : "logtail-ds-dp48x" ,
"_realtime_timestamp_" : "1547975837008708" ,
}