【发布时间】:2019-12-11 03:03:39
【问题描述】:
我正在使用 EFK。
这里有人可以帮忙解决如何通过 fluentd 解析多行 java 堆栈跟踪,以便在日志消息字段中推送整个堆栈跟踪(我应该通过 Kibana 看到相同的错误/异常堆栈跟踪)。
我需要解析以下错误堆栈跟踪:
2019-06-10 16:51:48.789 INFO 11360 --- [ost-startStop-1] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 6293 ms
Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary.
2019-06-10 16:51:52.633 ERROR 11360 --- [ost-startStop-1] o.a.tomcat.jdbc.pool.ConnectionPool : Unable to create initial connections of pool.
java.sql.SQLException: Access denied for user 'root'@'ec2-13-233-117-154.ap-south-1.compute.amazonaws.com' (using password: YES)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129) ~[mysql-connector-java-8.0.15.jar:8.0.15]
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97) ~[mysql-connector-java-8.0.15.jar:8.0.15]
我的fluent.conf文件配置如下:
# fluentd/conf/fluent.conf
<source>
@type forward
port 24224
bind 0.0.0.0
<parse>
@type multiline
format_firstline /\d{4}-\d{1,2}-\d{1,2}/
format /(?<time>[^ ]* [^ ]*) (?<path>[^ ]*) (?<method>[^ ]*) (?<message>[^ ](.*?(\n)).*$)/
</parse>
</source>
<match **>
#@type copy
@type detect_exceptions
<store>
@type elasticsearch
host elasticsearch
port 9200
logstash_format true
logstash_prefix fluentd
logstash_dateformat %Y%m%d
include_tag_key true
type_name access_log
tag_key @log_name
flush_interval 1s
</store>
</match>
尝试了以下 3 个插件,但没有得到所需的输入:
fluent-plugin-detect-exceptions-with-error-0.0.3
fluent-plugin-detect-exceptions-0.0.12
fluent-plugin-concat-2.4.0
当我使用上述配置时,我在 fluentd 容器日志中收到以下错误:
2019-08-02 12:46:23 +0000 [error]: config error file="/fluentd/etc/fluent.conf" error_class=Fluent::ConfigError error="Unknown output plugin 'detect_exceptions'. Run 'gem search -rd fluent-plugin' to find plugins"
【问题讨论】: