fluentd: Customized fluentd image (fluentd v1.0 + fluent-plugin-elasticsearch -v 2.4.0) doesn't work
I built fluentd image using the following Dockerfile,
FROM fluent/fluentd:v1.0-debian
USER root
WORKDIR /home/fluent
ENV PATH /home/fluent/.gem/ruby/2.3.0/bin:$PATH
RUN buildDeps="sudo make gcc g++ libc-dev ruby-dev libffi-dev" \
&& apt-get update \
&& apt-get upgrade -y \
&& apt-get install \
-y --no-install-recommends \
$buildDeps \
&& echo 'gem: --no-document' >> /etc/gemrc \
&& gem install fluent-plugin-secure-forward \
&& gem install fluent-plugin-record-reformer \
&& gem install fluent-plugin-elasticsearch -v 2.4.0 \
&& gem install fluent-plugin-kubernetes_metadata_filter \
&& gem install ffi \
&& gem install fluent-plugin-systemd -v 0.0.8 \
&& SUDO_FORCE_REMOVE=yes \
apt-get purge -y --auto-remove \
-o APT::AutoRemove::RecommendsImportant=false \
$buildDeps \
&& rm -rf /var/lib/apt/lists/* \
&& gem sources --clear-all \
&& rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
# Copy configuration files
COPY ./conf/fluent.conf /fluentd/etc/
COPY ./conf/systemd.conf /fluentd/etc/
COPY ./conf/kubernetes.conf /fluentd/etc/
# Copy plugins
COPY plugins /fluentd/plugins/
COPY entrypoint.sh /fluentd/entrypoint.sh
# Environment variables
ENV FLUENTD_OPT=""
ENV FLUENTD_CONF="fluent.conf"
# jemalloc is memory optimization only available for td-agent
# td-agent is provided and QA'ed by treasuredata as rpm/deb/.. package
# -> td-agent (stable) vs fluentd (edge)
#ENV LD_PRELOAD="/usr/lib/libjemalloc.so.2"
# Run Fluentd
CMD ["/fluentd/entrypoint.sh"]
And then the configuration file for fluentd is as below,
tag fluentd
<parse>
@type json
time_key time
keep_time_key true
</parse>
refresh_interval 5
</source>
<filter **>
@type grep
<regexp>
key log
pattern TESTDATA
</regexp>
</filter>
<filter **>
@type parser
format json
key_name log
reserve_data true
hash_value_field log
</filter>
<match fluentd>
@type elasticsearch
host elasticsearch
port 9200
flush_interval 10s
index_name test-${.log.tenantid}-%Y%m%d
<buffer tag, .log.tenantid, time>
@type memory
timekey 3600
</buffer>
</match>
Everything is fine, and I do not see any error logs, but the issue is that the fluentd can’t receive any log data.
Previously I built a fluentd image using fluentd:v0.12.33-debian and fluent-plugin-elasticsearch without specifying the version, and it worked.
This time, I made the following two changes, but it doesn’t work any more,
- I replaced the fluentd base image with v1.0 and specified a version v2.4.0 for fluent-plugin-elasticsearch;
- I replaced the ${log.tenantid} with ${.log.tenantid} per cosmo0920’s suggestion.
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 18 (6 by maintainers)
It’s right based on the the following link provided by repeadedly yesterday,
https://rubygems.org/gems/fluent-plugin-elasticsearch/versions/2.5.0But the reality is that I built the fluentd image using fluent/fluentd:v0.12.33-debian + fluent-plugin-elasticsearch v 2.5.0 (You can see the Dockerfile in my previous post), and it works, although there were some strange log messages on startup. Based on the feedback from repeadedly, it means that unexpected version is installed. But anyhow, it works.
When I changed the base image to fluentd v1.1.0 and keep all others unchanged, there wasn’t any error message, and nor any strange messages any more, but it didn’t work. Fluentd can’t read any log entries any longer.
By the way, I tried fluentd v0.12.33 + fluentd-plugin-elasticsearch v1.13.0, and it did not work either.
So I have to use fluentd v0.12.33 as the base image, and install fluent-plugin-elasticsearch v2.5.0 in the end.
Can anyone share a workable Dockerfile based on fluentd v1.x + fluentd-plugin-elasticsearch v2.x?