1
Ich versuche, Nginx Zugriffsprotokoll mit Hilfe von Logstash (Version 2.1.3)Logstash dynamische Variable nicht mit rabbitmq Plugin arbeitet
Auf der Grundlage von verschiedenen Endpunkten gefunden in Nginx Zugriffsprotokoll zu verarbeiten, mag ich senden Daten in verschiedenen Warteschlangen oder manchmal in verschiedenen RabbitMQ-Servern.
Hier ist meine Logstash Konfiguration:
input {
stdin {}
}
filter {
grok {
match => { "message" => "(?<status>.*?)!~~!(?<req_tm>.*?)!~~!(?<time>.*?)!~~!(?<req_method>.*?)!~~!(?<req_uri>.*)" }
tag_on_failure => ["first_grok_failed"]
}
if "/endpoint1" in [req_uri] {
mutate { add_field => { "[queue]" => "endpoint_one" } }
mutate { add_field => { "[rmqshost]" => "10.10.10.1" } }
}
else if "/endpoint2" in [req_uri] {
mutate { add_field => { "[queue]" => "endpoint_two" } }
mutate { add_field => { "[rmqshost]" => "10.10.10.2" } }
}
else {
mutate { add_field => { "[queue]" => "endpoint_other" } }
mutate { add_field => { "[rmqshost]" => "10.10.10.3" } }
}
}
output {
rabbitmq {
exchange => "%{[queue]}_exchange"
exchange_type => "direct"
host => "%{[rmqshost]}"
key => "%{[queue]}_key"
password => "mypassword"
user=>"myuser"
vhost=>"myvhost"
durable=>false
}
stdout {
codec => rubydebug
}
}
- Im Filterabschnitt von oben Konfiguration, ich hinzufügen, dynamische Variable "Warteschlange" und "rmqshost".
- In der Ausgabe Abschnitt habe ich versucht, mit diesen Variablen innerhalb Rabbitmq Plugin Block.
Ich bekomme folgenden Fehler, der zeigt, dass "rmqshost" Variable nicht ersetzt haben.
Connection to %{[rmqshost]}:5672 refused: host unknown
{:exception=>"MarchHare::ConnectionRefused", :backtrace=>
["/opt/logstash/vendor/bundle/jruby/1.9/gems/march_hare-2.15.0-
java/lib/march_hare/session.rb:473:in `converting_rjc_exceptions_to_ruby'",
"/opt/logstash/vendor/bundle/jruby/1.9/gems/march_hare-2.15.0-java/lib/march_hare/session.rb:500:in `new_connection_impl'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/march_hare-2.15.0-java/lib/march_hare/session.rb:136:in `initialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/march_hare-2.15.0-java/lib/march_hare/session.rb:109:in `connect'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/march_hare-2.15.0-java/lib/march_hare.rb:20:in `connect'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-mixin-rabbitmq_connection-2.3.0-java/lib/logstash/plugin_mixins/rabbitmq_connection.rb:137:in `connect'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-mixin-rabbitmq_connection-2.3.0-java/lib/logstash/plugin_mixins/rabbitmq_connection.rb:94:in `connect!'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-rabbitmq-3.0.7-java/lib/logstash/outputs/rabbitmq.rb:40:in `register'", "org/jruby/RubyArray.java:1613:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.3-java/lib/logstash/pipeline.rb:192:in `start_outputs'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.3-java/lib/logstash/pipeline.rb:102:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.3-java/lib/logstash/agent.rb:165:in `execute'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.3-java/lib/logstash/runner.rb:90:in `run'", "org/jruby/RubyProc.java:281:in `call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.3-java/lib/logstash/runner.rb:95:in `run'", "org/jruby/RubyProc.java:281:in `call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:24:in `initialize'"], :level=>:error}
I logstash leite wie folgt:
/opt/logstash/bin/logstash -f /etc/logstash/conf.d/nginx-filter.conf
mit folgenden Beispieldaten:
200!~~!0.004!~~!14/Apr/2017:05:15:27 +0000!~~!GET!~~!/endpoint1?key1=val1
200!~~!0.004!~~!14/Apr/2017:05:17:25 +0000!~~!GET!~~!/endpoint2?key1=val2
Danke! Ich habe auch einige Nachforschungen angestellt und festgestellt, dass nur Routing-Schlüssel dynamisch sein können. – jeetu