用fluentd的tail命令收集日志文件的配置文件,index_name不使用logstash-2019.02.19这样子的模式

2019-02-20 01:35:24   catherine

在官方有说明:

logstash_format

  1. logstash_format true # defaults to false

This is meant to make writing data into Elasticsearch indices compatible to what Logstash calls them. By doing this, one could take advantage of Kibana. See logstash_prefix and logstash_dateformat to customize this index name pattern. The index name will be #{logstash_prefix}-#{formated_date}

:warning: Setting this option to true will ignore the index_name setting. The default index name prefix is logstash-.

fluentd的配置如下:

  1. # In v1 configuration, type and id are @ prefix parameters.
  2. # @type and @id are recommended. type and id are still available for backward compatibility
  4. ## built-in TCP input
  5. ## $ echo <json> | fluent-cat <tag>
  6. <source>
  7.   @type forward
  8.   @id forward_input
  9. </source>
  11. ## built-in UNIX socket input
  12. #<source>
  13. #  @type unix
  14. #</source>
  16. # HTTP input
  17. # http://localhost:8888/<tag>?json=<json>
  18. <source>
  19.   @type http
  20.   @id http_input
  22.   port 8888
  23. </source>
  25. ## File input
  26. ## read apache logs with tag=apache.access
  27. #<source>
  28. #  @type tail
  29. #  format apache
  30. #  path /var/log/httpd-access.log
  31. #  tag apache.access
  32. #</source>
  34. ## Mutating event filter
  35. ## Add hostname and tag fields to apache.access tag events
  36. #<filter apache.access>
  37. #  @type record_transformer
  38. #  <record>
  39. #    hostname ${hostname}
  40. #    tag ${tag}
  41. #  </record>
  42. #</filter>
  44. ## Selecting event filter
  45. ## Remove unnecessary events from apache prefixed tag events
  46. #<filter apache.**>
  47. #  @type grep
  48. #  include1 method GET # pass only GET in 'method' field
  49. #  exclude1 message debug # remove debug event
  50. #</filter>
  52. # Listen HTTP for monitoring
  53. # http://localhost:24220/api/plugins
  54. # http://localhost:24220/api/plugins?type=TYPE
  55. # http://localhost:24220/api/plugins?tag=MYTAG
  56. <source>
  57.   @type monitor_agent
  58.   @id monitor_agent_input
  60.   port 24220
  61. </source>
  63. # Listen DRb for debug
  64. <source>
  65.   @type debug_agent
  66.   @id debug_agent_input
  68.   bind 127.0.0.1
  69.   port 24230
  70. </source>
  72. ## match tag=apache.access and write to file
  73. #<match apache.access>
  74. #  @type file
  75. #  path /var/log/fluent/access
  76. #</match>
  78. ## match tag=debug.** and dump to console
  79. <match debug.**>
  80.   @type stdout
  81.   @id stdout_output
  82. </match>
  84. # match tag=system.** and forward to another fluent server
  85. <match system.**>
  86.   @type forward
  87.   @id forward_output
  89.   <server>
  90.     host 192.168.0.11
  91.   </server>
  92.   <secondary>
  93.     <server>
  94.       host 192.168.0.12
  95.     </server>
  96.   </secondary>
  97. </match>
  99. ## match tag=myapp.** and forward and write to file
  100. #<match myapp.**>
  101. #  @type copy
  102. #  <store>
  103. #    @type forward
  104. #    buffer_type file
  105. #    buffer_path /var/log/fluent/myapp-forward
  106. #    retry_limit 50
  107. #    flush_interval 10s
  108. #    <server>
  109. #      host 192.168.0.13
  110. #    </server>
  111. #  </store>
  112. #  <store>
  113. #    @type file
  114. #    path /var/log/fluent/myapp
  115. #  </store>
  116. #</match>
  118. ## match fluent's internal events
  119. #<match fluent.**>
  120. #  @type null
  121. #</match>
  123. ## match not matched logs and write to file
  124. #<match **>
  125. #  @type file
  126. #  path /var/log/fluent/else
  127. #  compress gz
  128. #</match>
  130. ## Label: For handling complex event routing
  131. #<label @STAGING>
  132. #  <match system.**>
  133. #    @type forward
  134. #    @id staging_forward_output
  135. #    <server>
  136. #      host 192.168.0.101
  137. #    </server>
  138. #  </match>
  139. #</label>
  141. ######以下可以能过匹配的tag (elk)写入到elasticsearch
  142. <match elk.**>
  143.   @type elasticsearch
  144.   host localhost
  145.   port 9200
  146.   logstash_format true
  147. </match>
  149. ######tail 收集日志开始
  150. <match golang.**>
  151.   @type elasticsearch
  152.   host localhost
  153.   port 9200
  154.   index_name fluentd.${tag}
  155.   logstash_format false    ##更改为false就不会成生logstash-2019.02.19这样子的
  156.   flush_interval 1s
  157. </match>
  159. <source>
  160.   @type tail
  161.   format json
  162.   path /var/log/test.log
  163.   tag golang.access
  164. </source>
  165. #######tail 收集日志结束

分类: web

标签:   fluentd  

微信号:腾讯云折扣返现

技术讨论QQ群: 863102326

作者: catherine

User Image

搜索

标签

study ab amap apache apahe awk aws bat centos CFS chrome cmd cnpm composer consul crontab css curl cygwin devops di docker docker,docker-compose ethereum excel fiddler fluentd framework front-end git gitgui github glide go golang gorm grafana gzip ioc item2 iterm2 javascript jenkins jsonp kafka laradock laravel larval linux liunux log mac mac, wi-fi macos magento mariaDB minikube mongoDB msp mysql netbeans nginx nodejs nohup npm nsq oracle php php-fpm php7 phpstorm php扩展 Protobuf python redis scp server shell soap socket socket5 sql sre ssdb ssh ssl study sublime swift system td-agent uml v2ray vagrant vagrnat vim vpn vue vue.js webpack webrtc websocket webtatic windows windows7 word wps xdebug yarn yii2 yum zookeeper 世界国家 互联网 以太坊 分类 前端 小程序 打印机 排序算法 搞笑 权限 粤语 缓存 网络 虚拟机 视频 设计模式 项目管理
热门文章
友情链接