Fluent + Zabbix plugin
313 views
Skip to first unread message
Kellan Strong
Jul 14, 2015, 5:26:14 PM7/14/15
to flu...@googlegroups.com
All,
Does anyone have any good zabbix examples? I am wanting to grep an error in my logs and send that to zabbix.
So far my config looks like this:
<source>
type tail
path /var/log/tomcat6/catalina.out
pos_file /var/log/td-agent/tomcat.pos
format multi_format
<pattern>
format /^(?<time>[^ ]* [^ ]*) (?<level>.{5}) (?<class>[^ ]*) - (?<messages>.*)/
</pattern>
<pattern>
format /^(?<time>[^ ]* [^ ]*, [^ ]* [^ ]* [^ ]*) (?<class>[^ ]+) (?<method>.[^ ]*)/
</pattern>
<pattern>
format /^(?<level>[^ ]+): (?<messages>.*)/
</pattern>
<pattern>
format none
</pattern>
tag tomcat.catalina.log
</source>
<match tomcat.catalina.log>
type grep
regexp1 messages Returned
add_tag_prefix zabbix
</match>
<match zabbix.**>
type zabbix
zabbix_server 10.19.0.214
port 10051
host ${hostname}
name_keys messages test.fluentd
</match>
Does anyone have any good zabbix examples? I am wanting to grep an error in my logs and send that to zabbix.
So far my config looks like this:
<source>
type tail
path /var/log/tomcat6/catalina.out
pos_file /var/log/td-agent/tomcat.pos
format multi_format
<pattern>
format /^(?<time>[^ ]* [^ ]*) (?<level>.{5}) (?<class>[^ ]*) - (?<messages>.*)/
</pattern>
<pattern>
format /^(?<time>[^ ]* [^ ]*, [^ ]* [^ ]* [^ ]*) (?<class>[^ ]+) (?<method>.[^ ]*)/
</pattern>
<pattern>
format /^(?<level>[^ ]+): (?<messages>.*)/
</pattern>
<pattern>
format none
</pattern>
tag tomcat.catalina.log
</source>
<match tomcat.catalina.log>
type grep
regexp1 messages Returned
add_tag_prefix zabbix
</match>
<match zabbix.**>
type zabbix
zabbix_server 10.19.0.214
port 10051
host ${hostname}
name_keys messages test.fluentd
</match>
Mr. Fiber
Jul 15, 2015, 1:59:37 PM7/15/15
to flu...@googlegroups.com
> name_keys messages test.fluentd
From configuration, name_keys should be seprated by ',', not ' '.
> <match tomcat.catalina.log>
> type grep> regexp1 messages Returned
> add_tag_prefix zabbix
> </match>
If you use fluentd v0.12, using grep filter instead of grep output is better.
--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Kellan Strong
Jul 15, 2015, 3:50:06 PM7/15/15
to flu...@googlegroups.com
I am just more confused on how it works.
I am now trying to use zabbix simple.
<match tomcat.catalina.log>
type grep 1,1 Top
regexp1 message FINE
I am now trying to use zabbix simple.
<match tomcat.catalina.log>
type grep 1,1 Top
regexp1 message FINE
add_tag_prefix zabbix
</match>
<match zabbix.**>
type copy
<store>
type stdout
</store>
<store>
type zabbix_simple
zabbix_server 10.10.0.224
host ${hostname}
map_key1 zabbix.* message.test.fluentd
</store>
</match>
Getting it return that it connected to zabbix
2015-07-15 12:48:52 -0700 zabbix.tomcat.catalina.log: {"message":"FINE: Successfully passed all security constraints"}
2015-07-15 12:48:52 -0700 [trace]: plugin/out_zabbix_simple.rb:87:emit: connecting to zabbix server `10.10.0.224(port:`10051`)
2015-07-15 12:48:52 -0700 [trace]: plugin/out_zabbix_simple.rb:90:emit: done connected to zabbix server
But on my zabbix server I don't see the message.
<store>
type stdout
</store>
<store>
type zabbix_simple
zabbix_server 10.10.0.224
host ${hostname}
map_key1 zabbix.* message.test.fluentd
</store>
</match>
Getting it return that it connected to zabbix
2015-07-15 12:48:52 -0700 zabbix.tomcat.catalina.log: {"message":"FINE: Successfully passed all security constraints"}
2015-07-15 12:48:52 -0700 [trace]: plugin/out_zabbix_simple.rb:87:emit: connecting to zabbix server `10.10.0.224(port:`10051`)
2015-07-15 12:48:52 -0700 [trace]: plugin/out_zabbix_simple.rb:90:emit: done connected to zabbix server
But on my zabbix server I don't see the message.
Message has been deleted
Mr. Fiber
Jul 15, 2015, 4:07:04 PM7/15/15
to flu...@googlegroups.com
From zabbix_simple README, your configuration seems wrong.
READEME said "fluent-plugin-zabbix-simple converts fluentd's JSON key to Zabbix key, and sends Zabbix key and its value to Zabbix Server.", but
yoru configuration, map_key1 zabbix.* message.test.fluentd, specifies tag for map_key, not json's field.
Please follow the "Installation Check" section on README.
Kellan Strong
Jul 15, 2015, 4:55:16 PM7/15/15
to flu...@googlegroups.com
So it seems that host ${hostname} was the problem.... after I reverted back to message.
Reply all
Reply to author
Forward
0 new messages