Fluentd sidecar 无法将日志发送到 Elasticsearch:不推荐在批量请求中删除类型
Fluentd sidecar isn't able to send logs to Elasticsearch: types removal Specifying types in bulk requests is deprecated
我配置了一个 sidecar 容器来为我的应用程序容器收集日志。
我首先使用以下配置测试了我的 fleunt.conf:
<source>
@type forward
bind "127.0.0.1"
port 24224
<parse>
@type json
</parse>
</source>
<match app.default>
@type stdout
</match>
当我使用 kubectl 在我的 pod 中跟踪 fluentd 容器的日志时,它工作正常,我可以看到我的应用程序日志为 JSON 格式。
现在,我正在尝试将日志发送到 elasticsearch。这是我的 fluent.conf 同样的:
<source>
@type forward
bind "127.0.0.1"
port 24224
<parse>
@type json
</parse>
</source>
<match app.default>
@type elasticsearch
host "elasticsearch_host"
port 9200
index_name "app-log"
user "log_user"
password xxxxxx
</match>
fluentd 容器在我的 pod 中 运行 很好,但我无法在 Kibana 中定义我在 fluetn.conf 中配置的索引。看起来索引模式没有加载到 elasticsearch.
fluentd 容器显示以下警告:
2020-10-22 12:31:10 +0000 [info]: parsing config file is succeeded path="/fluentd/etc/fluent.conf"
2020-10-22 12:31:10 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '4.0.0'
2020-10-22 12:31:10 +0000 [info]: gem 'fluentd' version '1.10.4'
2020-10-22 12:31:12 +0000 [info]: using configuration file: <ROOT>
<source>
@type forward
bind "127.0.0.1"
port 24224
<parse>
@type json
</parse>
</source>
<match app.default>
@type elasticsearch
host "elasticsearch_host"
port 9200
index_name "app-log"
user "log_user"
password xxxxxx
</match>
</ROOT>
2020-10-22 12:31:12 +0000 [info]: starting fluentd-1.10.4 pid=8 ruby="2.5.8"
2020-10-22 12:31:12 +0000 [info]: spawn command to main: cmdline=["/usr/bin/ruby", "-Eascii-8bit:ascii-8bit", "/usr/bin/fluentd", "-c", "/fluentd/etc/fluent.conf", "-p", "/fluentd/plugins", "--under-supervisor"]
2020-10-22 12:31:16 +0000 [info]: adding match pattern="app.default" type="elasticsearch"
2020-10-22 12:31:17 +0000 [warn]: #0 Detected ES 7.x: `_doc` will be used as the document `_type`.
2020-10-22 12:31:17 +0000 [info]: adding source type="forward"
2020-10-22 12:31:17 +0000 [warn]: section <parse> is not used in <source> of forward plugin
2020-10-22 12:31:17 +0000 [info]: #0 starting fluentd worker pid=22 ppid=8 worker=0
2020-10-22 12:31:17 +0000 [info]: #0 listening port port=24224 bind="127.0.0.1"
2020-10-22 12:31:17 +0000 [info]: #0 fluentd worker is now running worker=0
warning: 299 Elasticsearch-7.5.0-e9ccaed468e2fac2275a3761849cbee64b39519f "[types removal] Specifying types in bulk requests is deprecated."
warning: 299 Elasticsearch-7.5.0-e9ccaed468e2fac2275a3761849cbee64b39519f "[types removal] Specifying types in bulk requests is deprecated."
warning: 299 Elasticsearch-7.5.0-e9ccaed468e2fac2275a3761849cbee64b39519f "[types removal] Specifying types in bulk requests is deprecated."
如何消除此警告 "[types removal] Specifying types in bulk requests is deprecated."? fluent.conf 是否有任何其他配置可以帮助我解决这个问题?
我尝试在配置中使用 suppress_type_name true,但没有成功。
仅在插件的 4.0.10 版中添加了对 suppress_type_name true 的支持:https://github.com/uken/fluent-plugin-elasticsearch/blob/master/History.md#4010.
根据日志,您是 运行 4.0.0,因此升级并在配置中设置标志应该可以消除警告。该警告不应影响批量请求。
我配置了一个 sidecar 容器来为我的应用程序容器收集日志。
我首先使用以下配置测试了我的 fleunt.conf:
<source>
@type forward
bind "127.0.0.1"
port 24224
<parse>
@type json
</parse>
</source>
<match app.default>
@type stdout
</match>
当我使用 kubectl 在我的 pod 中跟踪 fluentd 容器的日志时,它工作正常,我可以看到我的应用程序日志为 JSON 格式。
现在,我正在尝试将日志发送到 elasticsearch。这是我的 fluent.conf 同样的:
<source>
@type forward
bind "127.0.0.1"
port 24224
<parse>
@type json
</parse>
</source>
<match app.default>
@type elasticsearch
host "elasticsearch_host"
port 9200
index_name "app-log"
user "log_user"
password xxxxxx
</match>
fluentd 容器在我的 pod 中 运行 很好,但我无法在 Kibana 中定义我在 fluetn.conf 中配置的索引。看起来索引模式没有加载到 elasticsearch.
fluentd 容器显示以下警告:
2020-10-22 12:31:10 +0000 [info]: parsing config file is succeeded path="/fluentd/etc/fluent.conf"
2020-10-22 12:31:10 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '4.0.0'
2020-10-22 12:31:10 +0000 [info]: gem 'fluentd' version '1.10.4'
2020-10-22 12:31:12 +0000 [info]: using configuration file: <ROOT>
<source>
@type forward
bind "127.0.0.1"
port 24224
<parse>
@type json
</parse>
</source>
<match app.default>
@type elasticsearch
host "elasticsearch_host"
port 9200
index_name "app-log"
user "log_user"
password xxxxxx
</match>
</ROOT>
2020-10-22 12:31:12 +0000 [info]: starting fluentd-1.10.4 pid=8 ruby="2.5.8"
2020-10-22 12:31:12 +0000 [info]: spawn command to main: cmdline=["/usr/bin/ruby", "-Eascii-8bit:ascii-8bit", "/usr/bin/fluentd", "-c", "/fluentd/etc/fluent.conf", "-p", "/fluentd/plugins", "--under-supervisor"]
2020-10-22 12:31:16 +0000 [info]: adding match pattern="app.default" type="elasticsearch"
2020-10-22 12:31:17 +0000 [warn]: #0 Detected ES 7.x: `_doc` will be used as the document `_type`.
2020-10-22 12:31:17 +0000 [info]: adding source type="forward"
2020-10-22 12:31:17 +0000 [warn]: section <parse> is not used in <source> of forward plugin
2020-10-22 12:31:17 +0000 [info]: #0 starting fluentd worker pid=22 ppid=8 worker=0
2020-10-22 12:31:17 +0000 [info]: #0 listening port port=24224 bind="127.0.0.1"
2020-10-22 12:31:17 +0000 [info]: #0 fluentd worker is now running worker=0
warning: 299 Elasticsearch-7.5.0-e9ccaed468e2fac2275a3761849cbee64b39519f "[types removal] Specifying types in bulk requests is deprecated."
warning: 299 Elasticsearch-7.5.0-e9ccaed468e2fac2275a3761849cbee64b39519f "[types removal] Specifying types in bulk requests is deprecated."
warning: 299 Elasticsearch-7.5.0-e9ccaed468e2fac2275a3761849cbee64b39519f "[types removal] Specifying types in bulk requests is deprecated."
如何消除此警告 "[types removal] Specifying types in bulk requests is deprecated."? fluent.conf 是否有任何其他配置可以帮助我解决这个问题?
我尝试在配置中使用 suppress_type_name true,但没有成功。
仅在插件的 4.0.10 版中添加了对 suppress_type_name true 的支持:https://github.com/uken/fluent-plugin-elasticsearch/blob/master/History.md#4010.
根据日志,您是 运行 4.0.0,因此升级并在配置中设置标志应该可以消除警告。该警告不应影响批量请求。