AWS CLI output format for Splunk



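I am using the AWS CLI to get some Kinesis metrics, and as part of that I can specify the output format as one of the following: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-quick-configuration-format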

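Output format

The default output format specifies how the results are formatted. The value can be any of the values in the following list. If you don't specify an output format, json is used as the default.

json – The output is formatted as a JSON string.

yaml – The output is formatted as a YAML string. (Available in the AWS CLI version 2 only.)

text – The output is formatted as multiple lines of tab-separated string values. This can be useful to pass the output to a text processor, like grep, sed, or awk.

table – The output is formatted as a table using the characters +|- to form the cell borders. It typically presents the information in a "human-friendly" format that is much easier to read than the others, but not as programmatically useful.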

I tried TEXT since it seemed the most sensible choice for Splunk, but I think the line-delimited data is messing up the Splunk ingestion:

METRICDATARESULTS   iteratorAgeMilliseconds itagemillis PartialData
METRICDATARESULTS   readProvisionedThroughputExceeded   itagemillis PartialData
TIMESTAMPS  2020-04-15T20:21:00+00:00
TIMESTAMPS  2020-04-15T20:20:00+00:00
TIMESTAMPS  2020-04-15T20:19:00+00:00
TIMESTAMPS  2020-04-15T20:18:00+00:00
TIMESTAMPS  2020-04-15T20:17:00+00:00
TIMESTAMPS  2020-04-15T20:16:00+00:00
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
METRICDATARESULTS   writeProvisionedThroughputExceeded  itagemillis PartialData
TIMESTAMPS  2020-04-15T19:36:00+00:00
TIMESTAMPS  2020-04-15T19:35:00+00:00
TIMESTAMPS  2020-04-15T19:34:00+00:00
TIMESTAMPS  2020-04-15T19:33:00+00:00
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0
VALUES  0.0

Any thoughts on how best to handle this data, on either the AWS or the Splunk side?

This is the CLI command:

aws cloudwatch get-metric-data --start-time 16:29 --end-time 23:59 --metric-data-queries file://metric-data-queries.json --output text

and these are the contents of metric-data-queries.json:

[
  {
    "Id": "iteratorAgeMilliseconds",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "GetRecords.IteratorAgeMilliseconds",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "readProvisionedThroughputExceeded",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "ReadProvisionedThroughputExceeded",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "writeProvisionedThroughputExceeded",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "WriteProvisionedThroughputExceeded",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "putRecordSuccess",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "PutRecord.Success",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "putRecordsSuccess",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "PutRecords.Success",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  },
  {
    "Id": "getRecordsSuccess",
    "MetricStat": {
      "Metric": {
        "Namespace": "AWS/Kinesis",
        "MetricName": "GetRecords.Success",
        "Dimensions": [
          {
            "Name": "StreamName",
            "Value": "test.dev.com"
          }
        ]
      },
      "Period": 1,
      "Stat": "Sum",
      "Unit": "Count"
    },
    "Label": "itagemillis",
    "ReturnData": true
  }
]

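You will find that Splunk handles JSON very well out of the box, so I would recommend using it over the other options. You may need to set KV_MODE=JSON for the sourcetype being ingested, but it should do that by default.

For example, see here for more information: https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Automatickey-valuefieldextractionsatsearch-time

You could also consider using the Splunk apps that integrate with AWS, such as the Splunk Add-on for AWS, https://splunkbase.splunk.com/app/1876/, and the Splunk Add-on for Amazon Kinesis Firehose, https://splunkbase.splunk.com/app/3719/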
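
An added example, not part of the original question or answer: with `--output json`, each metric arrives as one object holding parallel `Timestamps` and `Values` arrays, so this sketch flattens the response into one JSON object per datapoint, one per line, so that every event carries its own timestamp. The output field names (`time`, `metric_id`, `label`, `status`, `value`) and the sample data are assumptions made for the illustration.

```python
import json
import sys

# Constructed sample in the shape of `aws cloudwatch get-metric-data --output json`
# (Ids and labels borrowed from the question; values are made up).
SAMPLE = """
{
  "MetricDataResults": [
    {"Id": "iteratorAgeMilliseconds", "Label": "itagemillis",
     "Timestamps": ["2020-04-15T20:21:00+00:00", "2020-04-15T20:20:00+00:00"],
     "Values": [0.0, 12.0], "StatusCode": "PartialData"},
    {"Id": "readProvisionedThroughputExceeded", "Label": "itagemillis",
     "Timestamps": ["2020-04-15T20:21:00+00:00"],
     "Values": [0.0], "StatusCode": "PartialData"},
    {"Id": "putRecordSuccess", "Label": "itagemillis",
     "Timestamps": [], "Values": [], "StatusCode": "Complete"}
  ]
}
"""


def flatten(response):
    """Yield one self-describing event per (timestamp, value) pair."""
    for result in response.get("MetricDataResults", []):
        timestamps = result.get("Timestamps", [])
        values = result.get("Values", [])
        # The two arrays are parallel; refuse to guess if they ever disagree.
        if len(timestamps) != len(values):
            raise ValueError(f"{result.get('Id')}: {len(timestamps)} timestamps, {len(values)} values")
        for ts, value in zip(timestamps, values):
            yield {
                "time": ts,  # hypothetical field names, chosen for this example
                "metric_id": result.get("Id"),
                "label": result.get("Label"),
                "status": result.get("StatusCode"),
                "value": value,
            }


def to_ndjson(response):
    """Return newline-delimited JSON: one datapoint per line."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in flatten(response))


if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to see the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(to_ndjson(json.loads(raw)))
```

Saved under a name of your choice, the script can take the question's command with `--output json` piped into it. The `status` field keeps `PartialData` results distinguishable from complete ones after ingestion.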
