我正在尝试将来自TD代理的事件发送到Elastic Serach和Kibana,但它无法正常工作
我的Td代理人conf:
<source>
type tail
path /var/log/abc.log
pos_file /etc/td-agent/def.pos
refresh_interval 10s
tag "abc.def"
format /^(?<Time>[^ ]* [^ ]*) (?<Logging_Level>\[(.*)\]) (?<PID>\ [(.*)\]) \[\-\:\-\] (?<Message>(.*))$/
time_format %Y-%m-%d %H:%M:%S
</source>
<filter "abc.def">
type record_transformer
<record>
hostname "#{Socket.gethostname}"
</record>
</filter>
<match "abc.def">
type elasticsearch
logstash_format true
host xyz.def.domain
port 9200 #(optional; default=9200)
flush_interval 10s
index_name logstash #(optional; default=fluentd)
</match>
不确定为什么它没有从TD代理发送主机名到Elasticserach和Kibana?
答案 0 :(得分:0)
你应该在record_transformer中启用ruby,这是ruby表达式:
install_modules所以看起来应该是这样的:
"#{Socket.gethostname}"