访问日志各字段解读
sidercar会在标准输出中打印访问日志,istio 1.18及以上版本的访问日志提供JSON格式的内容,下面以如下istio日志为例对每个字段的含义进行解读,解读内容见下表。
{
"start_time": "%START_TIME%",
"route_name": "%ROUTE_NAME%",
"method": "%REQ(:METHOD)%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"protocol": "%PROTOCOL%",
"response_code": "%RESPONSE_CODE%",
"response_flags": "%RESPONSE_FLAGS%",
"response_code_details": "%RESPONSE_CODE_DETAILS%",
"connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%",
"bytes_received": "%BYTES_RECEIVED%",
"bytes_sent": "%BYTES_SENT%",
"duration": "%DURATION%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%",
"user_agent": "%REQ(USER-AGENT)%",
"request_id": "%REQ(X-REQUEST-ID)%",
"authority": "%REQ(:AUTHORITY)%",
"upstream_host": "%UPSTREAM_HOST%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%",
"downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%",
"downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"upstream_transport_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%",
"pod_name": "%ENVIRONMENT(POD_NAME)%",
"pod_namespace": "%ENVIRONMENT(POD_NAMESPACE)%",
"mesh_id": "%ENVIRONMENT(ISTIO_META_ASM_MESH_ID)%",
"cluster_id": "%ENVIRONMENT(ISTIO_META_ASM_CLUSTER_ID)%",
}
|
日志标记 |
HTTP场景含义 |
TCP场景含义 |
UDP场景含义 |
样例 |
|---|---|---|---|---|
|
start_time |
请求开始时间,毫秒 |
Downstream发起连接的时间 |
UDP proxy会话开始的时间 |
[2020-11-25T21:26:18.409Z] |
|
route_name |
路由的名称 |
同HTTP |
\ |
default |
|
method |
请求方法 |
\ |
\ |
"GET" |
|
path |
请求路径 |
\ |
\ |
"/status/418" |
|
protocol |
请求协议 |
\ |
\ |
"HTTP/1.1" |
|
response_code |
响应码 |
\ |
\ |
418 |
|
response_flags |
响应或连接的其他信息 |
响应或连接的其他信息 |
\ |
UH |
|
response_code_details |
响应码详情:返回对象和原因 |
\ |
\ |
via_upstream |
|
connection_termination_detail |
请求被Envoy中止的L4层原因 |
同HTTP |
\ |
xxx |
|
bytes_received |
收到的Body体大小 |
收到的数据包大小 |
\ |
0 |
|
bytes_sent |
发送的Body体大小 |
发送的数据包大小 |
\ |
135 |
|
duration |
从开始到发送最后1个Bytes的时间(毫秒) |
整个TCP连接的时间(毫秒) |
\ |
4 |
|
upstream_service_time |
响应头X-ENVOY-UPSTREAM-SERVICE-TIME的内容 |
\ |
\ |
4 |
|
x_forwarded_for |
请求头X-FORWARDED-FOR的内容 |
\ |
\ |
"10.44.1.27" |
|
user_agent |
请求头USER-AGEN的内容 |
\ |
\ |
"curl/7.73.0-DEV" |
|
request_id |
请求头X-REQUEST-ID的内容 |
\ |
\ |
"84961386-6d84-929d-98bd-c5aee93b5c88" |
|
authority |
请求头AUTHORITY的内容 |
\ |
\ |
"httpbin:8000" |
|
upstream_host |
UPSTREAM_HOST的主要地址 |
同HTTP |
同HTTP |
"10.44.1.27:80" |
|
upstream_cluster |
UPSTREAM_HOST所属的Cluster |
同HTTP |
同HTTP |
outbound|8000||httpbin.foo.svc.cluster.local |
|
upstream_local_address |
连接UPSTREAM_HOST所使用的本地地址 |
同HTTP |
同HTTP |
10.44.1.23:37652 |
|
downstream_local_address |
DOWNSTREAM连接的本地地址 |
同HTTP |
同HTTP |
10.0.45.184:8000 |
|
downstream_remote_address |
DOWNSTREAM连接的对端地址 |
同HTTP |
同HTTP |
10.44.1.23:46520 |
|
requested_server_name |
SSL连接的SNI |
同HTTP |
\ |
xxx |
|
upstream_transport_failure_reason |
传输层失败原因(TLS等) |
\ |
\ |
"TLSV1_ALERT_UNKNOWN_CA" |
|
pod_name |
产生日志的pod名称 |
产生日志的pod名称 |
产生日志的pod名称 |
istio-ingressgateway-1-15-7-r2-599d4cf747-ngcfd |
|
pod_namespace |
产生日志的pod的namespace |
产生日志的pod的namespace |
产生日志的pod的namespace |
istio-system |
|
mesh_id |
网格ID |
网格ID |
网格ID |
84961386-6d84-929d-98bd-c5aee93b5c88 |
|
cluster_id |
集群ID |
集群ID |
集群ID |
84961386-6d84-929d-98bd-c5aee93b5c88 |
了解更多
Istio官方日志介绍:Istio / Envoy Access Logs
Envoy官方日志字段含义:Access logging — envoy 1.31.0-dev-3d906a documentation (envoyproxy.io)
