|
@@ -0,0 +1,322 @@
|
|
|
|
+agent01.sources = source1 source2 source3 source4 source5 source6 source7 source8
|
|
|
|
+agent01.channels = sink01 sink02
|
|
|
|
+agent01.sinks = elasticSearch
|
|
|
|
+
|
|
|
|
+#agent01.sources.source1.type = exec
|
|
|
|
+#agent01.sources.source1.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+#agent01.sources.source1.restart = true
|
|
|
|
+#agent01.sources.source1.logStdErr = true
|
|
|
|
+#agent01.sources.source1.batchSize = 500
|
|
|
|
+#agent01.sources.source1.channels = sink02
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+####source1######
|
|
|
|
+agent01.sources.source1.type = exec
|
|
|
|
+agent01.sources.source1.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source1.restart = true
|
|
|
|
+agent01.sources.source1.logStdErr = true
|
|
|
|
+agent01.sources.source1.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source1.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source1.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source1.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+#这里的时间已经是ISO8601格式,kibana可以直接识别为时间格式,所以下面的3行可以不用
|
|
|
|
+#agent01.sources.source1.interceptors.interceptor2.serializers.s3.type = org.apache.flume.interceptor.RegexExtractorInterceptorMillisSerializer
|
|
|
|
+#agent01.sources.source1.interceptors.interceptor2.serializers.s3.name = timestamp
|
|
|
|
+#agent01.sources.source1.interceptors.interceptor2.serializers.s3.pattern = yyyy-MM-dd'T'HH:mm:ssZ
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source1.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source1.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+####source2######
|
|
|
|
+agent01.sources.source2.type = exec
|
|
|
|
+agent01.sources.source2.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source2.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source2.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source2.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source2.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source2.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source2.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+####source3######
|
|
|
|
+agent01.sources.source3.type = exec
|
|
|
|
+agent01.sources.source3.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source3.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source3.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source3.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source3.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source3.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source3.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+####source4######
|
|
|
|
+agent01.sources.source4.type = exec
|
|
|
|
+agent01.sources.source4.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source4.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source4.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source4.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source4.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source4.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source4.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+###source5######
|
|
|
|
+agent01.sources.source5.type = exec
|
|
|
|
+agent01.sources.source5.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source5.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source5.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source5.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source5.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source5.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source5.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+##source6######
|
|
|
|
+agent01.sources.source6.type = exec
|
|
|
|
+agent01.sources.source6.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source6.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source6.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source6.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source6.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source6.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source6.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+######source7######
|
|
|
|
+agent01.sources.source7.type = exec
|
|
|
|
+agent01.sources.source7.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source7.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source7.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source7.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source7.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source7.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source7.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+#####source8######
|
|
|
|
+agent01.sources.source8.type = exec
|
|
|
|
+agent01.sources.source8.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source8.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source8.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source8.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source8.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source8.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source8.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+#####source9######
|
|
|
|
+agent01.sources.source9.type = exec
|
|
|
|
+agent01.sources.source9.command = tail -F /usr/local/openresty/nginx/logs/some_access.log
|
|
|
|
+agent01.sources.source9.channels = sink02
|
|
|
|
+
|
|
|
|
+agent01.sources.source9.interceptors = interceptor1 interceptor2 interceptor3
|
|
|
|
+agent01.sources.source9.interceptors.interceptor1.type = host
|
|
|
|
+agent01.sources.source9.interceptors.interceptor1.hostHeader = host
|
|
|
|
+
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.type = regex_extractor
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.regex = ([^\\s]*)\\s-\\s([^\\s]*)\\s\\[(.*)\\]\\s+\\"([\\S]*)\\s+([\\S]*)\\s+[\\S]*\\"\\s+(\\d+)\\s+(\\d+)\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"([^\\"]*)\\"\\s+\\"(.*?)\\"\\s+\\"([^\\"]*)\\"
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers = s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s1.name = remote_addr
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s2.name = remote_user
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s3.name = datetime
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s4.name = http_method
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s5.name = uri
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s6.name = status
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s7.name = body_length
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s8.name = http_referer
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s9.name = user_agent
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s10.name = http_x_forwarded_for
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s11.name = request_time
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s12.name = upstream_addr
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s13.name = upstream_response_time
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s14.name = post_body
|
|
|
|
+agent01.sources.source9.interceptors.interceptor2.serializers.s15.name = domain_url
|
|
|
|
+
|
|
|
|
+agent01.sources.source9.interceptors.interceptor3.type = timestamp
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+agent01.sinks.elasticSearch.type = org.apache.flume.sink.elasticsearch.ElasticSearchSink
|
|
|
|
+agent01.sinks.elasticSearch.timeZone=Asia/Shanghai
|
|
|
|
+agent01.sinks.elasticSearch.channel = sink02
|
|
|
|
+agent01.sinks.elasticSearch.batchSize = 2000
|
|
|
|
+agent01.sinks.elasticSearch.hostNames = 10.31.88.120:9300
|
|
|
|
+agent01.sinks.elasticSearch.indexName = nginx_access_log
|
|
|
|
+agent01.sinks.elasticSearch.indexType = static
|
|
|
|
+agent01.sinks.elasticSearch.clusterName = elasticsearch-zzb1
|
|
|
|
+agent01.sinks.elasticSearch.client = transport
|
|
|
|
+agent01.sinks.elasticSearch.serializer = org.apache.flume.sink.elasticsearch.ElasticSearchLogStashEventSerializer
|
|
|
|
+
|
|
|
|
+# Each sink's type must be defined
|
|
|
|
+agent01.sinks.loggerSink.type = logger
|
|
|
|
+
|
|
|
|
+#Specify the channel the sink should use
|
|
|
|
+agent01.sinks.loggerSink.channel = sink01
|
|
|
|
+
|
|
|
|
+# Each channel's type is defined.
|
|
|
|
+agent01.channels.sink01.type = memory
|
|
|
|
+agent01.channels.sink01.capacity = 10000
|
|
|
|
+agent01.channels.sink01.transactionCapacity = 10000
|
|
|
|
+agent01.channels.sink01.byteCapacityBufferPercentage = 20
|
|
|
|
+agent01.channels.sink01.keep-alive = 30
|
|
|
|
+
|
|
|
|
+agent01.channels.sink02.type = file
|
|
|
|
+agent01.channels.sink02.checkpointDir = /data/flume/data/checkpointDir
|
|
|
|
+agent01.channels.sink02.dataDirs = /data/flume/data/dataDirs
|