堆栈内存溢出
  简体   繁体   English

Filebeat 5.0输出到Kafka的多个主题

[英]Filebeat 5.0 output to Kafka multiple topics

 原文  2016-12-03 21:30:52       apache-kafka/ filebeat

问题描述

I installed Filebeat 5.0 on my app server and have 3 Filebeat prospectors, each of the prospector are pointing to different log paths and output to one kafka topic called myapp_applog and everything works fine. 我在我的应用服务器上安装了Filebeat 5.0,并有3个Filebeat探测器,每个探测器指向不同的日志路径并输出到一个名为myapp_applog kafka主题,一切正常。

My Filebeat output configuration to one topic - Working 我的Filebeat输出配置为一个主题 - 工作 

output.kafka:
    # initial brokers for reading cluster metadata
    hosts: ["broker.1.ip.address:9092", "broker.2.ip.address:9092", "broker.3.ip.address:9092"]

    # message topic selection + partitioning
    topic: 'myapp_applog'
    partition.round_robin:
      reachable_only: false

    required_acks: 1
    compression: gzip
    max_message_bytes: 1000000

What I want to do is send each of the log files to seperate topics based on a condition see documentation section on topics . 我想要做的是根据条件将每个日志文件发送到单独的主题,请参阅有关主题的文档部分。 I have tried to do it but no data is been sent to any of the topics. 我试过这样做,但没有数据发送到任何主题。 Does anyone know why my condition does not match or it is correct. 有谁知道为什么我的病情不匹配或者是正确的。 I can seem to find an example on how to correctly use the "topics topic condition". 我似乎可以找到一个如何正确使用“主题主题条件”的示例。

Here is my kafka output to muliple topics configuration. 这是我的kafka输出到多个主题配置。

Not Working 不工作 

output.kafka:
    # initial brokers for reading cluster metadata
    hosts: ["broker.1.ip.address:9092", "broker.2.ip.address:9092", "broker.3.ip.address:9092"]

    # message topic selection + partitioning
    topics:
      - topic: 'myapp_applog'
        when: 
          equals:
            document_type: applog_myappapi
      - topic: 'myapp_applog_stats'
        when:
          equals:
            document_type: applog_myappapi_stats
      - topic: 'myapp_elblog'
        when:
          equals:
            document_type: elblog_myappapi
    partition.round_robin:
      reachable_only: false

    required_acks: 1
    compression: gzip
    max_message_bytes: 1000000

Here is full filebeat.yml configuration file. 这是完整的filebeat.yml配置文件。 

################### Filebeat Configuration Example #########################
############################# Filebeat ######################################
filebeat.prospectors:
    # App logs - prospector
    - input_type: log
      paths:
        - /myapp/logs/myapp.log
      exclude_lines: [".+? INFO[^*].+", ".+? DEBUG[^*].+"]
      exclude_files: [".gz$", ".tmp"]
      fields:
        api: myappapi
        environment: STG
      ignore_older: 24h
      document_type: applog_myappapi
      scan_frequency: 1s

      # Multine on Timestamp, YYYY-MM-DD
      # https://www.elastic.co/guide/en/beats/filebeat/master/multiline-examples.html 
      multiline:
        pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
        negate: true
        match: after
        max_lines: 500
        timeout: 5s

    # Server Stats - prospector
    - input_type: log
      paths:
        - /myapp/logs/serverstats.log

      # Exclude messages with log level
      exclude_lines: [".+? ERROR[^*].+", ".+? DEBUG[^*].+"]
      exclude_files: [".gz$", ".tmp"]
      fields:
        api: myappapi
        environment: STG
      ignore_older: 24h
      document_type: applog_myappapi_stats
      scan_frequency: 1s

    # ELB prospector
    -
      input_type: log
      paths:
        - /var/log/httpd/elasticbeanstalk-access_log
      document_type: elblog_myappapi
      fields:
        api: myappapi
        environment: STG
      exclude_lines: [".+? INFO[^*].+", ".+? DEBUG[^*].+"]
      exclude_files: [".gz$", ".tmp"]
      ignore_older: 24h

      # 0s, it is done as often as possible. Default: 10s
      scan_frequency: 1s
registry_file: /var/lib/filebeat/registry

############################# Output ##########################################
# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
#----------------------------- Kafka output --------------------------------

output.kafka:
    # initial brokers for reading cluster metadata
    hosts: ["broker.1.ip.address:9092", "broker.2.ip.address:9092", "broker.3.ip.address:9092"]

    # message topic selection + partitioning
    topics:
      - topic: 'myapp_applog'
        when: 
          equals:
            document_type: applog_myappapi
      - topic: 'myapp_applog_stats'
        when:
          equals:
            document_type: applog_myappapi_stats
      - topic: 'myapp_elblog'
        when:
          equals:
            document_type: elblog_myappapi
    partition.round_robin:
      reachable_only: false

    required_acks: 1
    compression: gzip
    max_message_bytes: 1000000

############################# Logging #########################################

# There are three options for the log ouput: syslog, file, stderr.
# Under Windos systems, the log files are per default sent to the file output,
# under all other system per default to syslog.
logging:

  # Send all logging output to syslog. On Windows default is false, otherwise
  # default is true.
  to_syslog: true

  # Write all logging output to files. Beats automatically rotate files if rotateeverybytes
  # limit is reached.
  to_files: true

  # To enable logging to files, to_files option has to be set to true
  files:
    # The directory where the log files will written to.
    path: /var/log/

    # The name of the files where the logs are written to.
    name: filebeats.log

    # Configure log file size limit. If limit is reached, log file will be
    # automatically rotated
    rotateeverybytes: 10485760 # = 10MB

    # Number of rotated log files to keep. Oldest files will be deleted first.
    keepfiles: 7

  # Enable debug output for selected components. To enable all selectors use ["*"]
  # Other available selectors are beat, publish, service
  # Multiple selectors can be chained.
  #selectors: ["*" ]

  # Sets log level. The default log level is error.
  # Available log levels are: critical, error, warning, info, debug
  level: info

2 个解决方案

解决方案1
 4 已采纳  2016-12-07 07:05:37

I've got the same problem and deal with it by define output as: 我有同样的问题,并通过定义输出处理它: 

topics:
  - topic: '%{[type]}'
use_type: true

and as input you only have to set in document_type: kaffka's topic 作为输入,您只需要在document_type中设置:kaffka的主题

  • input_type: log paths: input_type:日志路径:

    • /path/to/log/file document_type: "you'r kaffka's topic 1" / path / to / log / file document_type:“你的kaffka主题1”

  • input_type: log paths: input_type:日志路径:

    • /path/to/another/log/file /路径/到/其它/日志/文件

    document_type: "you'r another kaffka's topic 1" document_type:“你是另一个kaffka的主题1”

解决方案2
 2  2018-01-26 22:45:28

Input: 输入: 

- type: log
  fields:
    kafka_topic: "my_topic_1"

- type: log
  fields:
    kafka_topic: "my_topic_2"

Output: 输出: 

output.kafka:
  hosts: ["mybroker:9092"]
  topic: '%{[fields.kafka_topic]}'

Above example shows 2 log inputs and 2 kafka topic outputs 上面的示例显示了2个日志输入和2个kafka主题输出

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Filebeat Kafka Module 如何消费 Kafka Topics? - How Filebeat Kafka Module consume Kafka Topics? Kafka流,将输出分支到多个主题 - Kafka streams, branched output to multiple topics 具有多个 output 主题的 Kafka 流拓扑的并发性 - Concurrency of Kafka streams topology with multiple output topics 加入多个 Kafka 主题 - Join on Multiple Kafka Topics Suricata 到 Filebeat 到 Kafka,按事件类型路由到主题 - Suricata to Filebeat to Kafka, routing to topics by event-type Filebeat Kafka输出使用文件名作为密钥 - Filebeat kafka output use filename as key 从多个 Kafka 主题中消费 - Consuming from multiple Kafka topics kafka消费者Java具有多个主题 - kafka consumer java with multiple topics 如何加入多个Kafka主题? - How to join multiple Kafka topics? 按键加入多个Kafka主题 - Join multiple Kafka topics by key
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM