Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
2.5k views
in Technique[技术] by (71.8m points)

fluentd - Use fluent-plugin-grok-parser with splunk-hec image

I am trying to create an image that has grok-parser installed based on the fluentd-hec image.

This is the Dockerfile i'm using:

FROM splunk/fluentd-hec:1.2.4
USER root
RUN gem install fluent-plugin-grok-parser
RUN chown -R fluent:fluent /usr/local/share/gems/gems/fluent-plugin-grok-parser-*
USER fluent

This is the output from that build


Step 1/5 : FROM splunk/fluentd-hec:1.2.4
 ---> ac49b85acc6a
Step 2/5 : USER root
 ---> Running in 4ee81880e92a
Removing intermediate container 4ee81880e92a
 ---> e3748059e604
Step 3/5 : RUN gem install fluent-plugin-grok-parser
 ---> Running in 2a1debb084ec
Successfully installed bundler-2.2.5
Building native extensions. This could take a while...
Successfully installed msgpack-1.3.3
Building native extensions. This could take a while...
Successfully installed yajl-ruby-1.4.1
Building native extensions. This could take a while...
Successfully installed cool.io-1.7.0
Successfully installed sigdump-0.2.4
Successfully installed serverengine-2.2.2
Building native extensions. This could take a while...
Successfully installed http_parser.rb-0.6.0
Successfully installed concurrent-ruby-1.1.7
Successfully installed tzinfo-2.0.4
Successfully installed tzinfo-data-1.2020.6
Building native extensions. This could take a while...
Successfully installed strptime-0.2.5
Successfully installed fluentd-1.12.0
Successfully installed fluent-plugin-grok-parser-2.6.2
13 gems installed
Removing intermediate container 2a1debb084ec
 ---> c5155932810c
Step 4/5 : RUN chown -R fluent:fluent /usr/local/share/gems/gems/fluent-plugin-grok-parser-*
 ---> Running in 1c2550dcac74
Removing intermediate container 1c2550dcac74
 ---> 7e216a676427
Step 5/5 : USER fluent
 ---> Running in 5ee31ea2e78a
Removing intermediate container 5ee31ea2e78a
 ---> ea8bdee73ee5
Successfully built ea8bdee73ee5

the snippet of the configmap is:

      @id snow
      @type tail
      @label @SPLUNK
      tag tail.snow.*
      path /opt/snow/data/*.log
      pos_file /var/log/splunk-snow.log.pos
      path_key source
      <parse>
        @type grok
        grok_failure_key grokfailure
        <grok>
          pattern %{TIMESTAMP_ISO8601:time};%{SPACE}%{GREEDYDATA:log}
        </grok>
      </parse>
    </source>

when I deploy a daemonset using the new image I get the error config error file="/fluentd/etc/fluent.conf" error_class=Fluent::ConfigError error="Unknown parser plugin 'grok'. Run 'gem search -rd fluent-plugin' to find plugins" I have tried this in EKS v1.18 as well as docker desktop and they both have the same issue.

Is there anything else I need to add to the dockerfile so that I use extra plugins?

I'd appreciate any help at on this!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I have rewritten the config so grok isn't used so this question isn't needed any more


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...