fluentd cannot write logs to elasticsearch

ztigrdn8  posted on 2021-06-14 in ElasticSearch

Using:
fluentd version 1.11.2
fluent-plugin-elasticsearch 4.1.3
elasticsearch version 7.5.1
Spring Boot 2.3.3
Running in OpenShift (kubernetes v1.17.1+20ba474).
fluentd and elasticsearch each run in a different pod.
fluentd configuration file:

<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>
<filter *.**>
  @type parser
  key_name log
  reserve_data true
  <parse>
    @type none
  </parse>
</filter>
<match *.**>
  @type copy
  <store>
    @type elasticsearch
    host elasticdb
    port 9200
    logstash_format true
    logstash_prefix applogs
    logstash_dateformat %Y%m%d
    include_tag_key true
    type_name app_log
    tag_key @log_name
    flush_interval 1s
    user elastic
    password changeme
  </store>
  <store>
    @type stdout
  </store>
</match>

From a local Spring Boot service, I send some dummy data to fluentd:

// Local port 24224 is being forwarded to remote 24224 via oc port-forward command
private static FluentLogger LOG = FluentLogger.getLogger("app", "127.0.0.1", 24224);

Map<String, Object> data = new HashMap<String, Object>();
data.put("from", "userA");
data.put("to", "userB");

LOG.log("app", data);

The JSON data sent:

{"from":"userA","to":"userB"}

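Apparently, this works only one time in ten. Or it seems to work two or three times and then breaks until I change the index. Actually, the behavior pattern is not clear.
When it does not work (most of the time), the logs in the fluentd pod are: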

2020-09-18 17:33:08.000000000 +0000 app.appaa: {"from":"userA","to":"userB"}
2020-09-18 17:33:37 +0000 [warn]: #0 dump an error event: error_class=ArgumentError error="log does not exist" location=nil tag="fluent.warn" time=2020-09-18 17:33:37.328180192 +0000 record={"error"=>"#<ArgumentError: log does not exist>", "location"=>nil, "tag"=>"app.appaa", "time"=>1600450388, "record"=>{"from"=>"userA", "to"=>"userB"}, "message"=>"dump an error event: error_class=ArgumentError error=\"log does not exist\" location=nil tag=\"app.appaa\" time=1600450388 record={\"from\"=>\"userAa\", \"to\"=>\"userBb\"}"}
2020-09-18 17:33:37.328180192 +0000 fluent.warn: {"error":"#<ArgumentError: log does not exist>","location":null,"tag":"app.appaa","time":1600450388,"record":{"from":"userA","to":"userB"},"message":"dump an error event: error_class=ArgumentError error=\"log does not exist\" location=nil tag=\"app.appaa\" time=1600450388 record={\"from\"=>\"userA\", \"to\"=>\"userB\"}"}
warning: 299 Elasticsearch-7.5.1-3ae9ac9a93c95bd0cdc054951cf95d88e1e18d96 "[types removal] Specifying types in bulk requests is deprecated."

Although the elasticsearch pod shows nothing (I guess it is a log level issue), if I go to Elastic I see:

{
    "_index": "applogs-20200918",
    "_type": "_doc",
    "_id": "F0M2onQBB89nIri4Cb1Z",
    "_score": 1.0,
    "_source": {
        "error": "#<ArgumentError: log does not exist>",
        "location": null,
        "tag": "app.app",
        "time": 1600449251,
        "record": {
            "from": "userA",
            "to": "userB"
        },
        "message": "dump an error event: error_class=ArgumentError error=\"log does not exist\" location=nil tag=\"app.app\" time=1600449251 record={\"from\"=>\"userA\", \"to\"=>\"userB\"}",
        "@timestamp": "2020-09-18T17:14:39.775332214+00:00",
        "@log_name": "fluent.warn"
    }
}

So it looks like the error comes from
"Elastic: ArgumentError: log does not exist"
Has anyone run into this error before?

5vf7fwbs1#

The configuration of the parser in the filter, i.e.

<filter *.**>
  @type parser
  key_name log    # << Look for key `log` in event
  # ...
</filter>

is looking for the key log, which does not exist in this event:

{"from":"userA","to":"userB"}

You need to use something like this:

{"log":"... your log here..."}

You may need to escape " if you use quotes.
Related documentation: https://docs.fluentd.org/filter/parser#key_name
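
A fluentd-side variant of the question's configuration, added here as an example (it is not from the question or the answer): the parser filter and the Elasticsearch match are limited to the `app.**` tags, records without a `log` key pass through without an error event, and fluentd's own `fluent.*` events stay out of the `applogs-*` index. It assumes the application keeps sending records under the `app` tag; hosts and credentials are copied from the question.

```conf
<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>

# Parse only application events. fluentd's own fluent.* events never carry a `log` key.
<filter app.**>
  @type parser
  key_name log
  reserve_data true
  # With reserve_data true, a record that has no `log` key is passed on unchanged.
  # Setting this to false stops the parser from also emitting the
  # "log does not exist" error event for such records.
  emit_invalid_record_to_error false
  <parse>
    @type none
  </parse>
</filter>

# fluentd's internal log events (fluent.info, fluent.warn, ...) are routed to this
# label instead of the top-level <match> blocks, so they only reach stdout.
<label @FLUENT_LOG>
  <match fluent.**>
    @type stdout
  </match>
</label>

# Only application events are written to Elasticsearch.
<match app.**>
  @type copy
  <store>
    @type elasticsearch
    host elasticdb
    port 9200
    logstash_format true
    logstash_prefix applogs
    logstash_dateformat %Y%m%d
    include_tag_key true
    type_name app_log
    tag_key @log_name
    flush_interval 1s
    user elastic
    password changeme
  </store>
  <store>
    @type stdout
  </store>
</match>
```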
