Telegraf tail with grok pattern error


Problem description

I am using Telegraf to get logs information from Apache NiFi, for this task I am using this config:

[[inputs.tail]]
  ## files to tail.
  files = ["/var/log/nifi/nifi-app.log"]
  ## Read file from beginning.
  from_beginning = true
  #name_override = "nifi_app"

  ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
  data_format = "grok"
  grok_patterns = [ "%{DATE:date} %{TIME:time} %{WORD:EventType} \[%{GREEDYDATA:NifiTask} %{NOTSPACE:Thread}\] %{NOTSPACE:NifiEventType} %{GREEDYDATA:EventText} %{NUMBER:EventDuration} %{WORD:EventDurationUnits}" ]

When I try to start telegraf it gives me this error:

Error parsing /etc/telegraf/telegraf.conf, toml: line 10: parse error

The pattern I wrote was tested in a Grok debugger with this text:

2018-08-02 10:53:16,976 INFO [Heartbeat Monitor Thread-1] o.a.n.c.c.h.AbstractHeartbeatMonitor Finished processing 1 heartbeats in 11863 nanos

These are the results of some testing:

grok_patterns = ["\[%{GREEDYDATA:NifiTask}\]"] ==> toml: line 10: parse error  
grok_patterns = ["[%{GREEDYDATA:NifiTask}]"] ==> Invalid data format: grok  
grok_patterns = ['\[%{GREEDYDATA:NifiTask}\]'] ==> Invalid data format: grok  
grok_patterns = ["\\[%{GREEDYDATA:NifiTask}\\]"] ==> Invalid data format: grok  
grok_patterns = ['[%{GREEDYDATA:NifiTask}]'] ==> Invalid data format: grok

The first option for me is the right one, but it doesn't work, and the problem seems to be the way the bracket is being escaped.

How can I solve this problem?

Recommended answer

There is more than one problem:

  • First problem: the grok dataformat is added to Telegraf in the 1.8 release (ref), so I must use a nightly install until this version is released.

  • Second problem: how to escape the brackets. There are problems doing it in a regular way, so what I finally did was to put this part in a custom pattern file; this way it works perfectly.
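
An added example, not part of the original question or answer: it runs the five grok_patterns lines from the question through a spec-compliant TOML parser and then a regex engine, showing at which layer each escaping style breaks. Python's tomllib and re are stand-ins (an assumption) for Telegraf's own TOML and grok code, and only %{GREEDYDATA:NifiTask} is expanded.

```python
import re
try:
    import tomllib                  # Python 3.11+
except ModuleNotFoundError:         # assumption: tomli backport installed on older Pythons
    import tomli as tomllib

# The five grok_patterns lines tried in the question, verbatim.
VARIANTS = [
    r'''grok_patterns = ["\[%{GREEDYDATA:NifiTask}\]"]''',
    r'''grok_patterns = ["[%{GREEDYDATA:NifiTask}]"]''',
    r"""grok_patterns = ['\[%{GREEDYDATA:NifiTask}\]']""",
    r'''grok_patterns = ["\\[%{GREEDYDATA:NifiTask}\\]"]''',
    r"""grok_patterns = ['[%{GREEDYDATA:NifiTask}]']""",
]

# Log line from the question.
SAMPLE = ("2018-08-02 10:53:16,976 INFO [Heartbeat Monitor Thread-1] "
          "o.a.n.c.c.h.AbstractHeartbeatMonitor Finished processing 1 heartbeats in 11863 nanos")

def decode(line):
    """Return the string the TOML layer hands on, or None on a TOML parse error."""
    try:
        return tomllib.loads(line)["grok_patterns"][0]
    except tomllib.TOMLDecodeError:
        # "\[" is not a valid escape inside a double-quoted (basic) TOML string.
        return None

def captured_task(pattern):
    """Stand-in for grok expansion: only %{GREEDYDATA:NifiTask} is translated."""
    if pattern is None:
        return None
    regex = pattern.replace("%{GREEDYDATA:NifiTask}", "(?P<NifiTask>.*)")
    match = re.search(regex, SAMPLE)
    # An unescaped [...] is a character class, so no named group exists to capture.
    return match.groupdict().get("NifiTask") if match else None

def report():
    """One row per variant: (config line, what the regex layer receives, captured value)."""
    rows = []
    for line in VARIANTS:
        pattern = decode(line)
        seen = "TOML parse error" if pattern is None else pattern
        rows.append((line, seen, captured_task(pattern)))
    return rows

if __name__ == "__main__":
    for line, seen, task in report():
        print(f"{line}\n    regex layer receives: {seen}\n    NifiTask: {task}")
```

Only the single-quoted literal string and the double-backslash form deliver \[ ... \] intact to the regex layer; the "Invalid data format: grok" results in the question are the version issue the answer describes, which this check does not model.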
