zoukankan      html  css  js  c++  java

  • filebeat收集日志传输到Redis集群,logstash从Redis集群中拉取数据

    前提:已配置好Redis集群,并设置的有统一的访问密码

    架构是filebeat-->redis集群-->logstash->elasticsearch,需要修改filebeat的输出和logstash的输入值
    filebeat地址:192.168.80.108
    redis集群地址:192.168.80.107 ,采用的是伪集群的方式

    1 filebeat配置

    filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/local/openresty/nginx/logs/host.access.log
  fields:
    log_source: messages

- type: log
  enabled: true
  paths:
    - /usr/local/openresty/nginx/logs/error.log
  fields:
    log_source: secure

output.redis:
  # Redis集群地址列表
  hosts: ["192.168.80.107:7001","192.168.80.107:7002","192.168.80.107:7003","192.168.80.107:7004","192.168.80.107:7005","192.168.80.107:7006","192.168.80.107:7007","192.168.80.107:7008"]
  # Redis集群key
  key: messages_secure
  password: foobar2000
  # 集群模式下只能用第0数据库,填写其他的会报错
  db: 0

    2 redis端查看数据

    登录:

    # -h是地址,-p是端口,-c表示集群,-a是密码
/elk/redis/redis-4.0.1/src/redis-cli -h 192.168.80.107 -c -p 7001 -a foobar2000

    查看:

    redis 127.0.0.1:7000[0]> keys *    # 出现这个key了  说明fielebeat的数据已经传输到redis集群中了
1) "messages_secure"     
redis 127.0.0.1:7000[0]> llen emessages_secure   ##查看list长度
(integer) 2002
redis 127.0.0.1:7000[0]> lindex messages_secure 0  #查看相关数据

    或者使用redis客户端RedisDesktopManager使用

    发现一个问题,Redis集群中出现俩messages_secure,且存储的数据一模一样,这个问题还有待继续研究..

    3 logstash配置

    input { 
  redis {
    host => "192.168.80.107"
    port => 7001
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7002
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7003
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7004
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7005
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7006
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7007
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    host => "192.168.80.107"
    port => 7008
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
  redis {
    batch_count => 1
    host => "192.168.80.107"
    port => 7001
    password => foobar2000
    data_type => "list"
    key => "messages_secure"
    db => 0
  }
}

# 输出到elasticsearch中,根据不同的日志来源创建不同的索引
output {

  if [fields][log_source] == 'messages' {
    elasticsearch {
      hosts => ["http://192.168.80.104:9200", "http://192.168.80.105:9200","http://192.168.80.106:9200"]
      index => "messages-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "elkstack123456"
    }
  }

  if [fields][log_source] == "secure" {
    elasticsearch {
      hosts => ["http://192.168.80.104:9200", "http://192.168.80.105:9200","http://192.168.80.106:9200"]
      index => "secure-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "elkstack123456"
    }
  }

}

    说明:
    input的redis中,host默认是string,不能填写列表,所以需要把所有集群的地址都写上,
    若是只写其中一个Redis集群节点的地址,,则会出现如下提示,同时logstash也无法从Redis集群中拉取数据

    Redis connection problem {:exception=>#<Redis::CommandError: CROSSSLOT Keys in request don't hash to the same slot>}
Redis connection problem {:exception=>#<Redis::CommandError: MOVED 7928 192.168.80.107:7002>}

    但是若把所有集群的地址都写上,虽然也会出现上述的俩提示,但是logstash能从Redis集群中拉取数据

    4 问题

    延伸的问题:因为Redis集群中存储俩messages_secure,导致logstash从Redis集群中拉取的数据是会有俩一模一样的,进而传输给Elasticsearch的数据
    也是有重复的,在kibana上查看,每个记录均有两条
    出现这个问题是因为filebeat存储到Redis集群的数据重复,有待上面问题的解决。

    5 官方相关文档

    host参数的值是string,不支持列表

    Redis input pluginedit

    • Plugin version: v3.1.4
    • Released on: 2017-08-16
    • Changelog

    For other versions, see the Versioned plugin docs.

    Getting Helpedit

    For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.

    Descriptionedit

    This input will read events from a Redis instance; it supports both Redis channels and lists. The list command (BLPOP) used by Logstash is supported in Redis v1.3.1+, and the channel commands used by Logstash are found in Redis v1.3.8+. While you may be able to make these Redis versions work, the best performance and stability will be found in more recent stable versions. Versions 2.6.0+ are recommended.

    For more information about Redis, see http://redis.io/

    batch_count note: If you use the batch_count setting, you must use a Redis version 2.6.0 or newer. Anything older does not support the operations used by batching.

    Redis Input Configuration Optionsedit

    This plugin supports the following configuration options plus the Common Options described later.

    Setting Input type Required
    batch_count number No
    data_type string, one of ["list", "channel", "pattern_channel"] Yes
    db number No
    host string No
    key string Yes
    password password No
    port number No
    threads number No
    timeout number No

    Also see Common Options for a list of options supported by all input plugins.

    batch_countedit

    • Value type is number
    • Default value is 125

    The number of events to return from Redis using EVAL.

    data_typeedit

    • This is a required setting.
    • Value can be any of: list, channel, pattern_channel
    • There is no default value for this setting.

    Specify either list or channel. If data_type is list, then we will BLPOP the key. If data_type is channel, then we will SUBSCRIBE to the key. If data_type is pattern_channel, then we will PSUBSCRIBE to the key.

    dbedit

    • Value type is number
    • Default value is 0

    The Redis database number.

    hostedit

    • Value type is string
    • Default value is "127.0.0.1"

    The hostname of your Redis server.

    keyedit

    • This is a required setting.
    • Value type is string
    • There is no default value for this setting.

    The name of a Redis list or channel.

    passwordedit

    • Value type is password
    • There is no default value for this setting.

    Password to authenticate with. There is no authentication by default.

    portedit

    • Value type is number
    • Default value is 6379

    The port to connect on.

    ssledit

    • Value type is boolean
    • Default value is false

    Enable SSL support.

    threadsedit

    • Value type is number
    • Default value is 1

    timeoutedit

    • Value type is number
    • Default value is 5

    Initial connection timeout in seconds.

    Common Optionsedit

    The following configuration options are supported by all input plugins:

    Setting Input type Required
    add_field hash No
    codec codec No
    enable_metric boolean No
    id string No
    tags array No
    type string No

    Detailsedit

    add_fieldedit

    • Value type is hash
    • Default value is {}

    Add a field to an event

    codecedit

    • Value type is codec
    • Default value is "plain"

    The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.

    enable_metricedit

    • Value type is boolean
    • Default value is true

    Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

    idedit

    • Value type is string
    • There is no default value for this setting.

    Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type, for example, if you have 2 redis inputs. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.

    input {
  redis {
    id => "my_plugin_id"
  }
}

    tagsedit

    • Value type is array
    • There is no default value for this setting.

    Add any number of arbitrary tags to your event.

    This can help with processing later.

    typeedit

    • Value type is string
    • There is no default value for this setting.

    Add a type field to all events handled by this input.

    Types are used mainly for filter activation.

    The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.

    If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.
  • 相关阅读:
    索引初识
    python数据类型之 元祖、列表字典
    linux常用命令之网络命令
    linux命令之查找find &grep
    python数据类型之可hash,不可hash
    python面向对象之封装,多态与继承
    python之新式类与经典类
    python之random随机函数
    CSS3选择器(一)
    关于居中
  • 原文地址:https://www.cnblogs.com/sanduzxcvbnm/p/11427681.html
Copyright © 2011-2022 走看看