Fluent捕获来自Docker的堆栈跟踪

我试图让Fluentd使用in_tailparsing来自Docker日志logging驱动程序的Java堆栈跟踪，并将它们作为单个消息发出。

对于我的生活，不知道为什么它仍然分裂了他们。

这是一个示例input，正在写入一个文件：

2015-12-17T19:19:47+00:00 docker.java.ubuntu:15.10 {"log":"Exception in thread main java.lang.NullPointerException\r","container_id":"5a064eb23465350a11fe00b1f7787f5bd3e9f0182dd44c09516a72ab4006bd54","container_name":"/src-test_1.0.0.353_989549167.1","source":"stdout"} 2015-12-17T19:19:47+00:00 docker.java.ubuntu:15.10 {"container_id":"5a064eb23465350a11fe00b1f7787f5bd3e9f0182dd44c09516a72ab4006bd54","container_name":"/src-test_1.0.0.353_989549167.1","source":"stdout","log":" at com.example.myproject.Book.getTitle(Book.java:16)\r"} 2015-12-17T19:19:47+00:00 docker.java.ubuntu:15.10 {"container_name":"/src-test_1.0.0.353_989549167.1","source":"stdout","log":" at com.example.myproject.Author.getBookTitles(Author.java:25)\r","container_id":"5a064eb23465350a11fe00b1f7787f5bd3e9f0182dd44c09516a72ab4006bd54"} 2015-12-17T19:19:47+00:00 docker.java.ubuntu:15.10 {"container_id":"5a064eb23465350a11fe00b1f7787f5bd3e9f0182dd44c09516a72ab4006bd54","container_name":"/src-test_1.0.0.353_989549167.1","source":"stdout","log":" at com.example.myproject.Bootstrap.main(Bootstrap.java:14)\r"} 2015-12-17T19:19:47+00:00 docker.java.ubuntu:15.10 {"container_id":"5a064eb23465350a11fe00b1f7787f5bd3e9f0182dd44c09516a72ab4006bd54","container_name":"/src-test_1.0.0.353_989549167.1","source":"stdout","log":"test\r"} 

这是我用于in_tail的configuration：

 <source> @type tail tag docker.multiline path /tmp/fluent/java* pos_file /tmp/fluent/log.pos refresh_interval 10 format multiline format first_line /.*\"log\":\"[^\s].*/ format /\"log\":\"(?<message>.+)\\r/ </source> 

正则expression式对我来说是正确的，当我将它们插入正则expression式testing程序时，first_line正则expression式只匹配我样本的第一行和最后一行，而格式正则expression式匹配每一行，但只捕获堆栈跟踪信息，因为我是期待。 然而，它们都是作为单独的信息出现的，就像first_line匹配每一行，而不是第一个和最后一个。

• 使用consuldynamic地将IP和端口导出到另一个Docker容器
• docker工尝试docker在获取TCP连接拒绝错误