对splunk-hec图像使用fluent-plugin-grok-parser
对splunk-hec图像使用fluent-plugin-grok-parser
提问于 2021-01-12 22:57:06
我正在尝试创建一个基于fluentd-hec镜像安装了grok-parser的镜像。
这是我正在使用的Dockerfile:
FROM splunk/fluentd-hec:1.2.4
USER root
RUN gem install fluent-plugin-grok-parser
RUN chown -R fluent:fluent /usr/local/share/gems/gems/fluent-plugin-grok-parser-*
USER fluent这是该构建的输出
Step 1/5 : FROM splunk/fluentd-hec:1.2.4
---> ac49b85acc6a
Step 2/5 : USER root
---> Running in 4ee81880e92a
Removing intermediate container 4ee81880e92a
---> e3748059e604
Step 3/5 : RUN gem install fluent-plugin-grok-parser
---> Running in 2a1debb084ec
Successfully installed bundler-2.2.5
Building native extensions. This could take a while...
Successfully installed msgpack-1.3.3
Building native extensions. This could take a while...
Successfully installed yajl-ruby-1.4.1
Building native extensions. This could take a while...
Successfully installed cool.io-1.7.0
Successfully installed sigdump-0.2.4
Successfully installed serverengine-2.2.2
Building native extensions. This could take a while...
Successfully installed http_parser.rb-0.6.0
Successfully installed concurrent-ruby-1.1.7
Successfully installed tzinfo-2.0.4
Successfully installed tzinfo-data-1.2020.6
Building native extensions. This could take a while...
Successfully installed strptime-0.2.5
Successfully installed fluentd-1.12.0
Successfully installed fluent-plugin-grok-parser-2.6.2
13 gems installed
Removing intermediate container 2a1debb084ec
---> c5155932810c
Step 4/5 : RUN chown -R fluent:fluent /usr/local/share/gems/gems/fluent-plugin-grok-parser-*
---> Running in 1c2550dcac74
Removing intermediate container 1c2550dcac74
---> 7e216a676427
Step 5/5 : USER fluent
---> Running in 5ee31ea2e78a
Removing intermediate container 5ee31ea2e78a
---> ea8bdee73ee5
Successfully built ea8bdee73ee5configmap的代码片段是:
@id snow
@type tail
@label @SPLUNK
tag tail.snow.*
path /opt/snow/data/*.log
pos_file /var/log/splunk-snow.log.pos
path_key source
<parse>
@type grok
grok_failure_key grokfailure
<grok>
pattern %{TIMESTAMP_ISO8601:time};%{SPACE}%{GREEDYDATA:log}
</grok>
</parse>
</source>当我使用新镜像部署一个守护进程时,我得到了错误config error file="/fluentd/etc/fluent.conf" error_class=Fluent::ConfigError error="Unknown parser plugin 'grok'. Run 'gem search -rd fluent-plugin' to find plugins",我已经在EKSv1.18和docker桌面上尝试过了,它们都有同样的问题。
为了使用额外的插件,我还需要在dockerfile中添加什么吗?
我非常感谢在这方面的任何帮助!
回答 1
Stack Overflow用户
发布于 2021-01-14 22:44:42
我已经重写了配置,所以没有使用grok,所以不再需要这个问题
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/65686419
复制相关文章
相似问题
腾讯云开发者
