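I am using the AWS CLI to fetch some Kinesis metrics. As part of that, I can specify the output format as one of the following: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration-format
Output format
The default output format specifies how the results are formatted. The value can be any of the values in the following list. If you don't specify an output format, json is used as the default.
json – The output is formatted as a JSON string.
yaml – The output is formatted as a YAML string. (Available in the AWS CLI version 2 only.)
text – The output is formatted as multiple lines of tab-separated string values. This can be useful to pass the output to a text processor, like grep, sed, or awk.
table – The output is formatted as a table using the characters +|- to form the cell borders. It typically presents the information in a "human-friendly" format that is much easier to read than the others, but not as programmatically useful.
I tried TEXT, since it seemed the best fit for Splunk, but I think the line-delimited data is messing up Splunk's ingestion: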
METRICDATARESULTS iteratorAgeMilliseconds itagemillis PartialData
METRICDATARESULTS readProvisionedThroughputExceeded itagemillis PartialData
TIMESTAMPS 2020-04-15T20:21:00+00:00
TIMESTAMPS 2020-04-15T20:20:00+00:00
TIMESTAMPS 2020-04-15T20:19:00+00:00
TIMESTAMPS 2020-04-15T20:18:00+00:00
TIMESTAMPS 2020-04-15T20:17:00+00:00
TIMESTAMPS 2020-04-15T20:16:00+00:00
VALUES 0.0
VALUES 0.0
VALUES 0.0
VALUES 0.0
VALUES 0.0
VALUES 0.0
METRICDATARESULTS writeProvisionedThroughputExceeded itagemillis PartialData
TIMESTAMPS 2020-04-15T19:36:00+00:00
TIMESTAMPS 2020-04-15T19:35:00+00:00
TIMESTAMPS 2020-04-15T19:34:00+00:00
TIMESTAMPS 2020-04-15T19:33:00+00:00
VALUES 0.0
VALUES 0.0
VALUES 0.0
VALUES 0.0
VALUES 0.0
VALUES 0.0
Any ideas, on either the AWS or the Splunk side, on how best to handle ingesting this data?
This is the CLI command:
aws cloudwatch get-metric-data --start-time 16:29 --end-time 23:59 --metric-data-queries file://metric-data-queries.json --output text
And the contents of metric-data-queries.json:
[
  {
    "Id": "iteratorAgeMilliseconds",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "GetRecords.IteratorAgeMilliseconds",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "readProvisionedThroughputExceeded",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "ReadProvisionedThroughputExceeded",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "writeProvisionedThroughputExceeded",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "WriteProvisionedThroughputExceeded",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "putRecordSuccess",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "PutRecord.Success",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "putRecordsSuccess",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "PutRecords.Success",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "getRecordsSuccess",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "GetRecords.Success",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  }
]
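You will find that Splunk handles JSON very well, so I would suggest using JSON out of the available options. You may need to set KV_MODE=JSON for the sourcetype you are ingesting, but it should do this by default.
For example, see more here: https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Automatickey-valuefieldextractionsatsearch-time
You could also look at using Splunk Apps to integrate with AWS, such as the Splunk Add-on for AWS https://splunkbase.splunk.com/app/1876/ and the Splunk Add-on for Amazon Kinesis Firehose https://splunkbase.splunk.com/app/3719/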
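An added example, not part of the original question or answer: the text output above puts TIMESTAMPS and VALUES on separate lines, so each value loses its timestamp and metric once Splunk breaks events per line. The sketch below takes the `--output json` response and emits one self-contained JSON event per datapoint. It assumes the response carries `MetricDataResults` entries with `Id`, `Label`, `Timestamps`, `Values` and `StatusCode`; the emitted field names (`metric_id`, `status`, and so on) and the sample values are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws cloudwatch get-metric-data --output json`.
# Ids, label and status mirror the question; timestamps/values are illustrative.
SAMPLE = """
{
  "MetricDataResults": [
    {"Id": "iteratorAgeMilliseconds", "Label": "itagemillis",
     "Timestamps": [], "Values": [], "StatusCode": "PartialData"},
    {"Id": "readProvisionedThroughputExceeded", "Label": "itagemillis",
     "Timestamps": ["2020-04-15T20:21:00+00:00", "2020-04-15T20:20:00+00:00"],
     "Values": [0.0, 0.0], "StatusCode": "PartialData"}
  ],
  "Messages": []
}
"""


def flatten(raw):
    """Turn one get-metric-data response into one flat event per datapoint."""
    events = []
    for result in json.loads(raw).get("MetricDataResults", []):
        stamps = result.get("Timestamps", [])
        values = result.get("Values", [])
        # Timestamps and Values are parallel arrays; refuse to guess if they differ.
        if len(stamps) != len(values):
            raise ValueError(
                f"{result.get('Id')}: {len(stamps)} timestamps vs {len(values)} values"
            )
        for ts, value in zip(stamps, values):
            events.append({
                "timestamp": ts,                    # hypothetical field names,
                "metric_id": result.get("Id"),      # chosen for this example
                "label": result.get("Label"),
                "status": result.get("StatusCode"),
                "value": value,
            })
    return events


def to_ndjson(raw):
    """Newline-delimited JSON: each line is a complete event Splunk can index."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in flatten(raw))


if __name__ == "__main__":
    print(to_ndjson(SAMPLE))
```

Because every line carries its own timestamp, metric id and status, per-line event breaking no longer separates a value from its context, and a `PartialData` status stays visible on each event.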