Supports else and otherwise
/foo/ { ACTION1 } else { ACTION2 }
Supports nesting
/foo/ {
  /foo1/ {
    ACTION1
  }
  /foo2/ {
    ACTION2
  }
  otherwise {
    ACTION3
  }
}
Supports named and unnamed capture groups
/(?P<operation>\S+) (\S+) \[\S+\] (\S+) \(\S*\) \S+ (?P<bytes>\d+)/ { bytes_total[$operation][$3] += $bytes }
Adding a constant label
# test.mtail
# Define the constant label env
hidden text env
# Assign a value to the label; defined here, it has global scope.
# To add it locally, set it inside the corresponding condition instead.
env="production"
counter line_total by logfile,env
/^(?P<date>\w+\s+\d+\s+\d+:\d+:\d+)/ {
  line_total[getfilename()][env]++
}
The collected metrics carry the label env=production, as follows:
# metrics
line_total{env="production",logfile="/path/to/xxxx.log",prog="test.mtail"} 4 1661165941788
Variables from named captures can be used in conditions
/(?P<x>\d+)/ && $x > 1 { nonzero_positives++ }
Timestamp handling
If the timestamp is not handled explicitly, the system time is used by default.
Default: emit_metric_timestamp="false" (note that the value is a string)
http_latency_bucket{prog="histo.mtail",le="1"} 0
http_latency_bucket{prog="histo.mtail",le="2"} 0
http_latency_bucket{prog="histo.mtail",le="4"} 0
http_latency_bucket{prog="histo.mtail",le="8"} 0
http_latency_bucket{prog="histo.mtail",le="+Inf"} 0
http_latency_sum{prog="histo.mtail"} 0
http_latency_count{prog="histo.mtail"} 0
With the parameter emit_metric_timestamp="true" (note that the value is a string)
http_latency_bucket{prog="histo.mtail",le="1"} 1 1661152917471
http_latency_bucket{prog="histo.mtail",le="2"} 2 1661152917471
http_latency_bucket{prog="histo.mtail",le="4"} 2 1661152917471
http_latency_bucket{prog="histo.mtail",le="8"} 2 1661152917471
http_latency_bucket{prog="histo.mtail",le="+Inf"} 2 1661152917471
http_latency_sum{prog="histo.mtail"} 3 1661152917471
http_latency_count{prog="histo.mtail"} 4 1661152917471
Using the timestamp from the log
Aug 22 15:28:32 GET /api/v1/pods latency=2s code=200
Aug 22 15:28:32 GET /api/v1/pods latency=1s code=200
Aug 22 15:28:32 GET /api/v1/pods latency=0s code=200
histogram http_latency buckets 1, 2, 4, 8
/^(?P<date>\w+\s+\d+\s+\d+:\d+:\d+)/ {
  strptime($date, "Jan 02 15:04:05")
  /latency=(?P<latency>\d+)/ {
    http_latency=$latency
  }
}
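The features above combined into one program, as an added example that is not part of the original page: it counts 401/403 responses in the sample log format shown above, stamps them with the log's own time, and keeps labels to bounded captures only. The file name, metric names and the env value are assumptions chosen for illustration.

```mtail
# http_denied.mtail: added example, not part of the original page.
# Assumes the page's sample log format:
#   Aug 22 15:28:32 GET /api/v1/pods latency=2s code=200
# Metric names and the env value are assumptions chosen for illustration.

hidden text env
env="production"

counter http_requests_total by method, code, env
counter http_denied_total by method, env
counter http_slow_denied_total by env
counter http_unparsed_total

/^(?P<date>\w+\s+\d+\s+\d+:\d+:\d+) (?P<method>[A-Z]+) \S+ latency=\d+s code=(?P<code>\d+)$/ {
  # Stamp the metrics with the time in the log line, not the read time.
  strptime($date, "Jan 02 15:04:05")

  # Labels come only from bounded captures (method, status code). The
  # request path is matched but not used as a label, so client-chosen
  # URLs cannot create an unbounded number of series.
  http_requests_total[$method][$code][env]++

  # Nested condition: authentication or authorization failures.
  / code=(401|403)$/ {
    http_denied_total[$method][env]++
    # Named capture used directly in the condition.
    /latency=(?P<latency>\d+)s/ && $latency > 1 {
      http_slow_denied_total[env]++
    }
  }
} else {
  # Lines that do not match the expected format are counted, not dropped silently.
  http_unparsed_total++
}
```

A rising http_unparsed_total is worth alerting on, since it means lines are arriving that the pattern no longer covers.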
From: https://www.cnblogs.com/boye169/p/17239166.html