流利的Apache格式[警告]:模式不匹配: [英] Fluentd apache format [warn]: pattern not match:

问题描述

在我的/etc/fluent/fluent.conf

In my /etc/fluent/fluent.conf

<source>
  @type tail
  format apache2
  path /var/log/apache2/other_vhosts_access.log
  tag apache2.access
</source>

错误/警告:2016-02-11 00:59:10 +0100 [警告]:模式不匹配: "mybebsite.dz:443 105.101.114.234--[11/Feb/2016:00:59:10 +0100] \"POST/__ es/_all/_search HTTP/1.1 \" 200 794 \" https://mywebsite.net/ \" \"Mozilla/5.0(Windows NT 6.1； WOW64； rv:43.0)Gecko/20100101 Firefox/43.0 \"

Error / warn : 2016-02-11 00:59:10 +0100 [warn]: pattern not match: "mybebsite.dz:443 105.101.114.234 - - [11/Feb/2016:00:59:10 +0100] \"POST /__es/_all/_search HTTP/1.1\" 200 794 \"https://mywebsite.net/\" \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0\""

为什么这个模式不匹配? 最好.

Why this patern dosn't match ? Best.

推荐答案

我一直流利地警告:模式不匹配，因此我的过滤器部分无法正常工作.然后，我认真对待了这个警告，并通过创建一个正则表达式解决了这个问题.因此，我的td-agent.conf如下:

I have been facing warn: pattern not match in fluentd, and because of this my filter section was not working. And then I took this warning seriously and resolved this by creating a regex. So, my td-agent.conf is as follows:

 <source>
    @type tail
    format **/^([^ ]*) (?<host>[^ ]*) [^ ]* "(?<method>\S+) (?<path>[^ ]* +\S*)? (?<code>[^ ]*) (?<size>[^ ]*) (?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?/**
    path /var/log/apache2/access.log
    pos_file /var/log/td-agent/httpd.access.pos
    tag s3.apache.access
  </source>
  <filter **>
    @type grep
    <regexp>
      key path
      pattern \/aws\/project_launch\/view\/[\w\W]*
    </regexp>
  </filter>
  <match **>
    @type s3
    aws_key_id xxxxxx
    aws_sec_key xxxxxx
    s3_bucket bucketalifluentd
    s3_region eu-west-1
    path logs_viewshare/
    buffer_path /var/log/td-agent/buffer/s3
    time_slice_format %Y-%m-%d/%H
    time_slice_wait 2m
  </match>

请注意，由于您在 apache2.conf 中进行了不同的配置，因此apache2日志可能与您有所不同.您可以使用 rubular

Please note that, the apache2 logs may be different for you, because you have made a different configuration in apache2.conf. You can use rubular

用于在ruby中创建正则表达式，因为fluentd/td-agent已用ruby编写. 之后，您可以在目录/var/log/td-agent/buffer/s3.xxx

for creating regex in ruby, because fluentd/td-agent has been written in ruby. After that you can view buffer that has collected your logs in directory /var/log/td-agent/buffer/s3.xxx

这篇关于流利的Apache格式[警告]:模式不匹配:的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！