Filebeat被配置为使用来自Kafka的输入和到文件的输出
当关闭多行设置时,输出会发布到文件中。但是当Kafka输入配置为mutiline时,文件中没有输出(甚至没有创建文件)
这里是相关的filebeat配置
输入配置
filebeat.inputs:
- type: kafka
hosts:
- <ip>:9092
topics:
- "my-multiline-log"
group_id: "kafka-consumer-filebeat"
parsers:
- multiline:
# type: pattern
pattern: '^'
negate: true
match: after字符串
输出配置:
output.file:
path: "/tmp/filebeat"
filename: filebeat
# codec.format:
# string: '%{[message]}'型
Filebeat相关日志
2021-12-16T11:02:34.551Z INFO [input.kafka] compat/compat.go:111 Input kafka starting {"id": "19A7FFEEC9EDFC04"}
2021-12-16T11:02:34.551Z INFO [input.kafka.kafka input] kafka/input.go:129 Starting Kafka input {"id": "19A7FFEEC9EDFC04", "hosts": ["<ip>:9092"]}
2021-12-16T11:02:38.158Z DEBUG [reader_multiline] multiline/pattern.go:142 Multiline event flushed because timeout reached.
2021-12-16T11:02:44.767Z DEBUG [reader_multiline] multiline/pattern.go:142 Multiline event flushed because timeout reached.
2021-12-16T11:02:51.481Z DEBUG [reader_multiline] multiline/pattern.go:142 Multiline event flushed because timeout reached.
2021-12-16T11:02:58.225Z DEBUG [reader_multiline] multiline/pattern.go:142 Multiline event flushed because timeout reached.
2021-12-16T11:03:04.555Z DEBUG cgroup/util.go:276 PID 1 contains a cgroups V2 path (0::/) but no V2 mountpoint was found.
This may be because metricbeat is running inside a container on a hybrid system.
To monitor cgroups V2 processess in this way, mount the unified (V2) hierarchy inside
the container as /sys/fs/cgroup/unified and start metricbeat with --system.hostfs.型
在日志中重复获取相同的四行reader_multiline
编辑:Kafka的多行解析器支持已在7.16版本中添加
1条答案
按热度按时间noj0wjuj1#
我认为这个配置是不必要的。模式:
pattern: '^'不能匹配任何一行。字符串
你可以参考this go playground来玩模式和日志线,它是filebeat官方文档中提到的操场的调整版本。
正如我所看到的,上面提供的模式不匹配任何日志行。此外,对于按新行拆分,您甚至不需要配置
multiline解析器,这是默认行为。