OpenSearch查看应用日志

上一节部署整个应用的微服务模块时,一起部署了FluentBit,它会在OpenSearch中创建sample_app_logs这个index,本节我们将在OpenSearch中来查看它。

查看~/environment/observability-with-amazon-opensearch/sample-apps/00-fluentBit/kubernetes/fluentbit.yaml,里面配置了FluentBit收集日志的规则,主要包括[SERVICR], [INPUT], [FILTER], [OUTPUT]四个部分:

image-20230826172313882

  fluent-bit.conf: |
    [SERVICE]
        Flush         5
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020

    @INCLUDE input-kubernetes.conf
    @INCLUDE filter-kubernetes.conf
    @INCLUDE filter-trace-id.conf
    @INCLUDE output-data-prepper.conf
  
  input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        Parser            docker
        DB                /var/log/flb_kube.db
        Mem_Buf_Limit     50MB
        Skip_Long_Lines   On
        Refresh_Interval  10

  filter-kubernetes.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           Off
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  On
        K8S-Logging.Exclude Off

  filter-trace-id.conf: |
    [FILTER]
        Name              parser
        Match             kube.*
        Key_Name          log
        Parser            traceInfo
        Reserve_Data      On
        Preserve_Key      On
  
  output-data-prepper.conf: |
    [OUTPUT]
        Name              http
        Match             *
        Host              data-prepper.data-prepper.svc.cluster.local
        Port              2021
        tls               Off
        tls.verify        Off
        Format            json
        URI               /log/ingest
        

    [PARSER]
        Name        docker
        Format      json
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        Name        syslog
        Format      regex
        Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
        Time_Key    time
        Time_Format %b %d %H:%M:%S
        
    [PARSER]
        Name        traceInfo
        Format      regex
        Regex       trace_id=(?<traceId>[^ ]+) span_id=(?<spanId>[^ ]+) resource.service.name=(?<serviceName>[^]]+)

进入到OpenSearch的控制台,在Dev Tools中执行以下命令,确认能查看到sample_app_logs索引:

GET _cat/indices/sample_app_logs*?v

image-20230826172338028

为了能在OpenSearch中搜索日志,我们先创建一个Index Pattern,在Stack Management中点击Create index pattern:

image-20230826172429220

Index pattern name中输入sample_app_logs*,点击下一步:

image-20230826172517743

global time filter里选择time字段,然后点击创建:

image-20230826172554124

创建完成后,进入Discover页面:

image-20230826172630367

Discover页面可以选择时间范围查看日志,并且使用DQL(Dashboards query language)来查询特定日志:

image-20230826172733661