英文:
How to use OpenTelemetry processor to parse information in body.str attribute of the logs?
问题
我是OpenTelemetry项目的新手,正在一个小的Kubernetes集群上测试它,以使用filelogprocessor处理一些日志。使用attributesprocessor,我可以通过对以attributes关键字开头的日志值进行哈希处理、删除、插入等操作来操作日志的属性。我可以使用resourceattributes处理器执行相同的操作。以下是我在Helm值中用于哈希处理的示例:
processors:
attributes/example:
actions:
- key: log.file.path
action: hash
- key: time
action: hash
resource:
attributes:
- key: k8s.container.name
action: hash
然而,我的日志中有一个body.str字段,我认为处理器无法解析它,我也找不到任何其他有用的处理器来操作该字段中的信息。
是否有任何方式可以对body.str中包含的数据执行操作,例如,删除具有body.str中的entryPointName具有特定值的日志?
以下是body.str日志的示例:
body.str {
ClientHost: '10.1.0.33',
ClientPort: '47470',
ClientUsername: '-',
DownstreamContentSize: 2,
DownstreamStatus: 200,
OriginContentSize: 2,
OriginDuration: 15843,
OriginStatus: 200,
Overhead: 40472,
RequestAddr: '10.1.0.36:9000',
RequestContentSize: 0,
RequestHost: '10.1.0.36',
RequestMethod: 'GET',
RequestPath: '/ping',
RequestPort: '9000',
RequestProtocol: 'HTTP/1.1',
RequestScheme: 'http',
RetryAttempts: 0,
RouterName: 'ping@internal',
StartUTC: '2023-07-03T14:08:26.980876844Z',
entryPointName: 'traefik',
level: 'info',
msg: '',
time: '2023-07-03T14:08:26Z',
}
英文:
I'm new to the OpenTelemetry project and I'm testing it out on a small Kubernetes cluster to process some logs using a filelogprocessor. Using the attributesprocessor I can manipulate attributes from the log that begin with the attributes keyword by hashing the value, deleting, inserting etc. I can do the same with the resourceattributes processor An example of what I have in my helm values for the hashing is this:
processors:
attributes/example:
actions:
- key: log.file.path
action: hash
- key: time
action: hash
resource:
attributes:
- key: k8s.container.name
action: hash
attributes.environment prod
attributes.log.file.path 0ae05f2b5c9771153b3e4861cc78f670e8697804
attributes.log.iostream stdout
attributes.time 9fd07c1b865b5c945ac1c3a4d14a4457dab037dc
However, my logs come with a body.str field that I assume couldn't be parsed by the processors and I couldn't figure out any other processor useful to manipulate the information in that field.
Is there any way that I can perform operation in the data contained in the body.str say, for example, drop a log that has a given value for entryPointName in the body.str?
This is an example of what the body.str of the log looks like
body.str {
ClientHost: '10.1.0.33',
ClientPort: '47470',
ClientUsername: '-',
DownstreamContentSize: 2,
DownstreamStatus: 200,
OriginContentSize: 2,
OriginDuration: 15843,
OriginStatus: 200,
Overhead: 40472,
RequestAddr: '10.1.0.36:9000',
RequestContentSize: 0,
RequestHost: '10.1.0.36',
RequestMethod: 'GET',
RequestPath: '/ping',
RequestPort: '9000',
RequestProtocol: 'HTTP/1.1',
RequestScheme: 'http',
RetryAttempts: 0,
RouterName: 'ping@internal',
StartUTC: '2023-07-03T14:08:26.980876844Z',
entryPointName: 'traefik',
level: 'info',
msg: '',
time: '2023-07-03T14:08:26Z',
}
答案1
得分: 1
多个处理器支持一种称为OpenTelemetry Transformation Language (OTTL)的通用语言,它允许您使用路径表达式引用遥测的各种元素。对于日志,可能的路径在这里进行了描述。
对于特定的示例,如果要丢弃包含特定值的日志,该值位于 entryPointName 字段中,您可以使用 filter 处理器。
processors:
filter:
logs:
log_record:
- 'IsMatch(body["str"]["entryPointName"], "traefik")'
transform 处理器 也使用了 OTTL,并且可能对许多其他类型的操作有用。
英文:
Several processors support a common language called OpenTelemetry Transformation Language (OTTL) which allows you to refer to various elements of telemetry using a path expression. For logs, the possible paths are described here.
For the specific example of dropping a log that contains a given value in the entryPointName field, you could use the filter processor.
processors:
filter:
logs:
log_record:
- 'IsMatch(body["str"]["entryPointName"], "traefik")'
The transform processor also uses OTTL and may be useful for many other types of manipulations.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论