我正在尝试在Docker容器上使用流利的比特设置EFK堆栈。虽然我可以将日志从fluent-bit推送到elasticsearch,但是当我尝试集成fluentd时,却遇到了问题。这是确切的错误味精:
我的 docker-compose 文件中的服务
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:${TAG}
ports:
- '9200:9200'
- '9300:9300'
volumes:
- type: bind
source: ./config/elasticsearch.yml
target: /usr/share/elasticsearch/config/elasticsearch.yml
read_only: true
- type: volume
source: elasticsearch
target: /usr/share/elasticsearch/data
networks:
- efk_1
fluentd:
image: fluent/fluentd:${FLBV}
ports:
- '24224:24224'
volumes:
- type: bind
source: ./config/fluent.conf
target: /fluentd/etc/fluent.conf
read_only: true
networks:
- efk_1
depends_on:
- elasticsearch
fluent-bit:
image: fluent/fluent-bit:${FBITV}
ports:
- '2020:2020'
volumes:
- type: bind
source: ./config/fluent-bit.conf
target: /fluent-bit/etc/fluent-bit.conf
read_only: true
- type: bind
source: ./sample_logs
target: /var/log
networks:
- efk_1
depends_on:
- fluentd
Previously I directly pushed the logs from fluent-bit to elasticsearch like this without fluentd config anywhere:
[SERVICE]
Flush 2
Log_Level debug
[INPUT]
Name tail
Path /var/log/log.txt
[OUTPUT]
Name es
Match *
Host elasticsearch
Port 9200
这成功地将日志推送到了Elasticsearch,但是现在我在两者之间添加了fluentd,因此fluent-bit会将日志发送到fluentd,然后将其推送到elasticsearch。
流利的位配置:
[SERVICE]
Flush 2
Log_Level debug
[INPUT]
Name tail
Path /var/log/log.txt
[OUTPUT]
Name forward
Match *
Host fluentd
流利的conf:
<source>
@type forward
bind fluent-bit
</source>
<match **>
@type stdout
</match>
这给了我错误,因为即使它们属于同一 docker 网络,它们也无法检测到地址。
这些是我得到的错误:
和
有人可以帮我知道我在哪里出错吗?
最佳答案
我认为您的流利配置应该像:
<source>
type forward
bind 0.0.0.0
port 24224
</source>
<match fluent_bit>
type stdout
</match>
As in docs
可能流利的在绑定(bind)字段中应具有清晰的IP而不是主机名。
参见issue和the error description。
关于docker - 流利的位由于EADDRNOTAVAIL而无法将日志发送到流利的docker中,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/58728575/