从Logstash文件输入了解sincedb文件 [英] Understanding sincedb files from Logstash file input
问题描述
将文件输入与Logstash一起使用时,将编写一个sincedb文件以跟踪监视日志文件的当前位置.如何理解其内容?
When using the file input with Logstash, a sincedb file is written in order to keep track of the current position of monitored log files. How to understand its contents?
sincedb文件的示例:
Example of a sincedb file:
286105 0 19 20678374
推荐答案
共有4个字段(
假设将硬盘分为数千个非常小的部分,每个部分都有一个编号,那么inode或多或少类似于文件开始处的微小部分的编号.因此,给定的索引节点对于每个硬盘都是唯一的,但是为了解决同一服务器上有多个磁盘的情况,需要使用主设备号和次设备号,以确保三元组的唯一性(索引节点,次设备号,次设备号}. Wikipedia 上有关inode的更准确信息. Assuming that a hard disk would be segmented in thousands of very tiny parts with a number for each one, the inode would be more or less like the number of the tiny part where the file begins. So a given inode is unique to each hard disk, but in order to address cases where there are multiple disks on the same server, using major and minor device number is required in order to guarantee uniqueness of the triplet {inode, minor device number, minor device number}. More accurate info about inodes on Wikipedia. 也就是说,我不确定(例如)通过NFS挂载的文件是否会与本地文件冲突,因为通过NFS挂载的文件的inode似乎是远程文件.尽管我不认为插件编写者会为这种情况而烦恼,并且尽管我自己使用了NFS,但到目前为止,从未遇到任何麻烦.我也怀疑碰撞几率很小. That said, I am not so sure that (for example) files mounted through NFS could not collide with local files since the inode of a file mounted through NFS seems to be the remote one. Even though I don't think that the plugin writer bothered about such cases, and despite using NFS myself, never ran into any trouble so far. Also I suspect the collision probability to be very tiny. 现在,有了由inode以及主要设备号和次要设备号组成的三元组,我们有一种方法可以将插件读取的单个日志文件作为目标,而不会出现错误(或者至少是原始意图).最后一个数字,即字节偏移量,用于跟踪已读取输入日志文件并将其输出到Logstash的距离. Now with the triplet formed by inode and major and minor device number we have a way of targeting the single log file that is being read by the plugin without error (or at least that was the original intent). The last number, the byte offset, keeps track of how far the input log file as already been read and outputted to Logstash. 在某些特定的体系结构中,例如 Solaris 或 In some specific architectures like Solaris or Windows there have been bugs with ruby wrongly detecting the inode number, which was equal to 0. This could for example lead to issues like logstash not detecting a file rotation. 这篇关于从Logstash文件输入了解sincedb文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
