堆栈内存溢出
  简体   繁体   English

使用 Logstash 获取嵌套的 Airflow 日志,并发送到 Elasticsearch

[英]Use Logstash to get nested Airflow Logs, and send to Elasticsearch

 原文  2022-08-31 16:29:25       elasticsearch/ logging/ airflow/ logstash/ logstash-configuration

问题描述

I am new to Logstash and ELK as a whole.我是 Logstash 和 ELK 的新手。 I am trying to send my airflow logs to Logstash.我正在尝试将我的 airflow 日志发送到 Logstash。 I am confused on how to configure my configuration file, especially because I have several (nested) log files.我对如何配置我的配置文件感到困惑,特别是因为我有几个(嵌套的)日志文件。

My airflow is deployed on an AWS EC2 instance and my logs directory is something like this: /home/ubuntu/run/logs/scheduler/我的 airflow 部署在 AWS EC2 实例上,我的日志目录是这样的: /home/ubuntu/run/logs/scheduler/

The scheduler directory has a couple of dated folders.调度程序目录有几个过时的文件夹。 Using one of the folders as an example: /home/ubuntu/run/logs/scheduler/2022-08-31.以其中一个文件夹为例: /home/ubuntu/run/logs/scheduler/2022-08-31.

The dated folder has files such as日期文件夹包含文件,例如

testing.py.log hello_world.py.log dag_file.py.log

Now, while configuring my /etc/logstash/conf.d/ (based on the log path I shared above), how can I define my path to pick all the logs?现在,在配置我的/etc/logstash/conf.d/ (基于我上面共享的日志路径)时,如何定义我的路径来选择所有日志?

This is what my /etc/logstash/conf.d/apache-01.conf currently looks like, but I know the path isn't accurate:这是我的/etc/logstash/conf.d/apache-01.conf目前的样子,但我知道路径不准确:

input {
        file {
                path => "~/home/ubuntu/run/log/scheduler/"
                start_position => "beginning"
                codec -> "line"
        }
}

filter {
  grok {
    match => { "path" => "" }
  }
  mutate {
      add_field => {
        "log_id" => "%{[dag_id]}-%{[task_id]}-%{[execution_date]}-%{[try_number]}"
      }
  }
}
output{
        elasticsearch {
                hosts => ["localhost:9200"]
        }
}

1 个解决方案

解决方案1
 0  2022-09-14 10:43:53

The path parameter needs a absolute path. path 参数需要一个绝对路径。 To process all py.log files you can use this input要处理所有 py.log 文件,您可以使用此输入

input {
    file {
            path => "/home/ubuntu/run/logs/scheduler/*/*py.log"
            start_position => "beginning"
            codec -> "line"
    }
}

To process only the files hello_world.py.log and dag_file.py.log you can use an array for your path要仅处理文件 hello_world.py.log 和 dag_file.py.log,您可以使用数组作为路径

    input {
    file {
            path => ["/home/ubuntu/run/logs/scheduler/*/hello_world.py.log", "/home/ubuntu/run/logs/scheduler/*/dag_file.py.log"]
            start_position => "beginning"
            codec -> "line"
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 Logstash 将 airflow 日志传递给 Elasticsearch - Using Logstash to pass airflow logs to Elasticsearch logstash-过滤日志并发送到不同的Elasticsearch集群 - logstash - filter logs and send to different elasticsearch cluster 从logstash发送日志到elasticsearch不匹配 - Send logs from logstash to elasticsearch mismatch 将带有 filebeat 的日志发送到 logstash - Send logs with filebeat to logstash 将logstash日志直接发送到elasticsearch - Sending logstash logs directly to elasticsearch logstash不将日志推送到AWS Elasticsearch - logstash not pushing logs to AWS Elasticsearch Logstash无法将日志放入elasticsearch - Logstash failed to put logs to elasticsearch 通过 Logstash - Grok - ElasticSearch 标记日志 - Tagging the Logs by Logstash - Grok - ElasticSearch 读取 Logstash 日志但不会推送到 elasticsearch - Logstash logs are read but are not pushed to elasticsearch 如何使用Logstash过滤器转换为嵌套对象以供Elasticsearch输出? - How to use Logstash filter to convert into nested object for elasticsearch output?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM