我一整天都在尝试这样做。我想通过流畅的日志记录引擎将日志从Docker发送到FluentD,然后从流畅的将日志发送到logstash进行处理。
我不断从logstash中收到此错误:
{:timestamp=>"2016-03-09T23:29:19.388000+0000",
:message=>"An error occurred. Closing connection",
:client=>"172.18.0.1:57259", :exception=>#<TypeError: can't convert String into Integer>,
:backtrace=>["org/jruby/RubyTime.java:1073:in `at'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-event-2.2.2-java/lib/logstash/timestamp.rb:27:in `at'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-fluent-2.0.2-java/lib/logstash/codecs/fluent.rb:41:in `decode'",
"org/msgpack/jruby/MessagePackLibrary.java:195:in `each'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-fluent-2.0.2-java/lib/logstash/codecs/fluent.rb:40:in `decode'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:153:in `handle_socket'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.2/lib/logstash/inputs/tcp.rb:143:in `server_connection_thread'"], :level=>:error}
相当基本的logstash配置:
input {
tcp {
port => 4000
codec => "fluent"
}
}
output {
stdout {
}
}
相当基本的流利配置:
<source>
@type forward
</source>
<match docker.json>
@type forward
send_timeout 60s
recover_wait 10s
heartbeat_type none
phi_threshold 16
hard_timeout 60s
<server>
name logstash
host 172.18.0.2
port 4000
weight 60
</server>
</match>
<match docker.**>
@type stdout
</match>
有人会认为这会奏效,但我已经发现Logstash赢了:
forward_out心跳配置。
如果我在Ruby中制作Fluentd消息包消息并手动发送它,上述配置确实有效。但关键是我希望Fluentd在本地管理日志并将它们发送到外部logstash服务器以正确处理消息到JSON。
答案 0 :(得分:1)
AFAIK,无法将数据从Fluentd传输到Logstash。我们需要编写任何Fluentd输出插件来将数据发送到Logstash,或编写任何Logstash输入插件以从Fluentd接收数据。
仅供参考:有一些Logstash方向的插件 - &gt; Fluentd:
答案 1 :(得分:1)
我们找到了一种流畅的方法 - &gt; logstash工作。设置time_as_integer true。流利的一面的最小配置是
<source>
@type http
@id input_http
port 8888
</source>
<match **>
@type forward
time_as_integer true
<server>
host localhost
port 24114
</server>
</match>
在https://docs.fluentd.org/v0.12/articles/in_forward#i-got-messagepackunknownexttypeerror-error-why中提到它很隐蔽。 在logstash端,使用最新版本(6.2.4),然后只需配置流畅的编解码器,tcp输入如下:
input {
tcp {
codec => fluent
port => 24114
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
用
进行测试curl -X POST -d 'json={"json":"message"}' http://localhost:8888/debug.test
如文档中所示。使用time_as_integer设置,logstash输出看起来不错,就像。
{
"port" => 32844,
"@version" => "1",
"host" => "localhost",
"json" => "message",
"@timestamp" => 2018-04-26T15:14:28.000Z,
"tags" => [
[0] "debug.test"
]
}
没有它,我得到了
[2018-04-26T15:16:00,115][ERROR][logstash.codecs.fluent ] Fluent parse error, original data now in message field {:error=>#<MessagePack::UnknownExtTypeError: unexpected extension type>, :data=>["fluent.info", "\x92\xD7\u0000Z\xE1\xEC\xF4\u0006$\x96傦worker\u0000\xA7message\xD9&fluentd worker is now running worker=0", {"size"=>1, "compressed"=>"text"}]}
{
"port" => 32972,
"@version" => "1",
"message" => [
[0] "fluent.info",
[1] "\x92\xD7\u0000Z\xE1\xEC\xF4\u0006$\x96傦worker\u0000\xA7message\xD9&fluentd worker is now running worker=0",
[2] {
"size" => 1,
"compressed" => "text"
}
],
"host" => "localhost",
"@timestamp" => 2018-04-26T15:16:00.116Z,
"tags" => [
[0] "_fluentparsefailure"
]
}
答案 2 :(得分:0)
您可以将其直接转发到logstash tcp输入。
这个open-source flunetd output plugin会将数据直接发送到json格式的logstash tcp输入(或任何其他接收器)(也支持ssl / tls)。
首先看到question。