Telegraf尾部带有grok模式错误 [英] Telegraf tail with grok pattern error
问题描述
我正在使用Telegraf从Apache NiFi获取日志信息,对于此任务,我正在使用以下配置:
I am using Telegraf to get logs information from Apache NiFi, for this task I am using this config:
[[inputs.tail]]
## files to tail.
files = ["/var/log/nifi/nifi-app.log"]
## Read file from beginning.
from_beginning = true
#name_override = "nifi_app"
## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
data_format = "grok"
grok_patterns = [ "%{DATE:date} %{TIME:time} %{WORD:EventType} \[%{GREEDYDATA:NifiTask} %{NOTSPACE:Thread}\] %{NOTSPACE:NifiEventType} %{GREEDYDATA:EventText} %{NUMBER:EventDuration} %{WORD:EventDurationUnits}" ]
当我尝试启动telegraf时,出现此错误:
When I try to start telegraf it give me this error:
解析/etc/telegraf/telegraf.conf时出错,toml:第10行:解析错误
Error parsing /etc/telegraf/telegraf.conf, toml: line 10: parse error
我编写的模式已在 Grok调试器中进行了测试,文字如下:
The pattern I wrote was tested in a Grok debugger with this text:
2018-08-02 10:53:16,976信息[心跳监视器线程1] o.a.n.c.c.h.AbstractHeartbeatMonitor完成处理1个心跳 在11863纳米中
2018-08-02 10:53:16,976 INFO [Heartbeat Monitor Thread-1] o.a.n.c.c.h.AbstractHeartbeatMonitor Finished processing 1 heartbeats in 11863 nanos
这些是一些测试的结果:
These are the results of some testing:
grok_patterns = ["\[%{GREEDYDATA:NifiTask}\]"] ==> toml: line 10: parse error
grok_patterns = ["[%{GREEDYDATA:NifiTask}]"] ==> Invalid data format: grok
grok_patterns = ['\[%{GREEDYDATA:NifiTask}\]'] ==> Invalid data format: grok
grok_patterns = ["\\[%{GREEDYDATA:NifiTask}\\]"] ==> Invalid data format: grok
grok_patterns = ['[%{GREEDYDATA:NifiTask}]'] -> Invalid data format: grok
对我来说,第一个选择是正确的选择,但不起作用,问题似乎出在逃脱括号的方式上.
The first option for me is the right one, but doesn't works, and the problem seems to be the way the bracket is being escaped.
如何解决这个问题?
推荐答案
存在多个问题:
-
第一个问题:grok数据格式已在1.8版本中添加到Telegraf中( ref ),因此在该版本发布之前,我必须每晚进行安装.
First problem: the grok dataformat is added to Telegraf in the 1.8 release (ref), so I must use a nightly install until this version is released.
第二个问题:如何逃避括号,以常规方式执行存在问题,所以我最后要做的就是将这部分放入自定义模式文件中,从而可以正常工作.
Second problem: how to escape the brackets, there are problems doing it in a regular way, so what I finally did was to put this part in a custom pattern file, this way it works perfectly.
这篇关于Telegraf尾部带有grok模式错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
