Flume-ng生产环境实践(四)实现log格式化interceptor

最新推荐文章于 2022-02-28 16:47:59 发布
最新推荐文章于 2022-02-28 16:47:59 发布
阅读量138 收藏
点赞数
文章标签: 大数据 运维 操作系统
续上篇,由于filesink中需要使用/data/log/%{dayStr}/log-%{hourStr}%{minStr}-这样文件格式的,为了使file-sink能使用%{dayStr}这样的标签,需要在数据传输过程中,给event的header中添加对应的键值对。在flume-ng中提供了很方便的方式: Interceptor
以下为实现的interceptor,首先使用正则表达式匹配nginx日志,如何匹配成功,则获取匹配到的数据,并且对url中的参数进行处理,最后所有日志信息都被存储在Map中。根据配置文件中需要输出的键找到对应的值,按照顺序输出为csv格式的行。
原始日志格式:
112.245.239.72 - - [29/Dec/2012:15:00:00 +0800] "GET /p.gif?a=1&b=2HTTP/1.1" 200 0 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4
.0; 4399Box.1357; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTbPTV2/5.9.1.14019; 4399Box.1357)"

最终结果:
1,2
配置信息为:
agent.sources = source
agent.channels = channel
agent.sinks = sink

agent.sources.source.type = exec
#agent.sources.source.command = tail -n +0 -F /data/tmp/accesspvpb_2012-11-18.log
agent.sources.source.command = cat /opt/nginx/logs/vvaccess_log_pipe
agent.sources.source.interceptors = logformat

agent.sources.source.interceptors.logformat.type = org.apache.flume.interceptor.LogFormatInterceptor$Builder
agent.sources.source.interceptors.logformat.confpath = /usr/programs/flume/conf/logformat_vv.properties
agent.sources.source.interceptors.logformat.dynamicprop = true
agent.sources.source.interceptors.logformat.hostname = vv111
agent.sources.source.interceptors.logformat.prop.monitor.rollInterval = 100000
# The channel can be defined as follows.
agent.sources.source.channels = channel


agent.sinks.sink.type = avro
agent.sinks.sink.hostname = 192.168.0.100
agent.sinks.sink.port = 44444
agent.sinks.sink.channel = channel

# Each channel's type is defined.
agent.channels.channel.type = file
agent.channels.channel.checkpointDir = /data/tmpc/checkpoint
agent.channels.channel.dataDirs = /data/tmpc/data
agent.channels.channel.transactionCapacity = 15000

/usr/programs/flume/conf/logformat_vv.properties文件内容为:
keys=a,b
regexp=([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\s-\\s-\\s\\[([^]]+)\\]\\s\"GET\\s/p.gif\\?(.+)\\s.*\"\\s[0-9]+\\s[0-9]+\\s\"(.+)\"

interceptor的代码:
package org.apache.flume.interceptor;

import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. CONF_PATH ;
import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. DYNAMICPROP ;
import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. DYNAMICPROP_DFLT ;
import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. HOSTNAME ;
import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. HOSTNAME_DFLT ;
import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. PROPMONITORINTERVAL ;
import static org.apache.flume.interceptor.LogFormatInterceptor.Constants. PROPMONITORINTERVAL_DFLT ;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import org.apache.flume.Context;
import org.apache.flume.Event;
import org.apache.flume.event.EventBuilder;
import org.apache.oro.text.regex.MalformedPatternException;
import org.apache.oro.text.regex.MatchResult;
import org.apache.oro.text.regex.Pattern;
import org.apache.oro.text.regex.PatternCompiler;
import org.apache.oro.text.regex.PatternMatcher;
import org.apache.oro.text.regex.Perl5Compiler;
import org.apache.oro.text.regex.Perl5Matcher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class LogFormatInterceptor implements Interceptor{

private static final Logger logger = LoggerFactory
.getLogger(LogFormatInterceptor. class );

private String conf_path = null ;
private boolean dynamicProp = false ;
private String hostname = null ;

private long propLastModify = 0;
private long propMonitorInterval ;

private String regexp = null ;
private List<String> keys = null ;

private Pattern pattern = null ;
private PatternCompiler compiler = null ;
private PatternMatcher matcher = null ;
private SimpleDateFormat sdf = null ;
private SimpleDateFormat sd = null ;
private SimpleDateFormat sh = null ;
private SimpleDateFormat sm = null ;
private SimpleDateFormat sdfAll = null ;

private long eventCount = 0l;

public LogFormatInterceptor(String conf_path, boolean dynamicProp,
String hostname, long propMonitorInterval) {
this . conf_path = conf_path;
this . dynamicProp = dynamicProp;
this . hostname = hostname;
this . propMonitorInterval = propMonitorInterval;
}

@Override
public void close() {

}

@Override
public void initialize() {
try {
// 读取配置文件,初始化正在表达式和输出的key列表
File file = new File( conf_path );
propLastModify = file.lastModified();
Properties props = new Properties();
FileInputStream fis;
fis = new FileInputStream(file);
props.load(fis);
regexp = props.getProperty( "regexp" );
String strKey = props.getProperty( "keys" );
if (strKey != null ) {
String[] strkeys = strKey.split( "," );
keys = new LinkedList<String>();
for (String key : strkeys) {
keys .add(key);
}
}
if ( keys == null ) {
logger .error( "====================keys is null====================" );
} else {
logger .info( "keys=" + keys );
}
if ( regexp == null ) {
logger .error( "====================regexp is null====================" );
} else {
logger .info( "regexp=" + regexp );
}

// 初始化正在表达式以及时间格式化类
compiler = new Perl5Compiler();
pattern = compiler .compile( regexp );
matcher = new Perl5Matcher();

sdf = new SimpleDateFormat( "dd/MMM/yyyy:HH:mm:ss Z" ,
java.util.Locale. US );
sd = new SimpleDateFormat( "yyyyMMdd" );
sh = new SimpleDateFormat( "HH" );
sm = new SimpleDateFormat( "mm" );
sdfAll = new SimpleDateFormat( "yyyyMMddHHmmss" );

} catch (MalformedPatternException e) {
logger .error( "Could not complile pattern!" , e);
} catch (FileNotFoundException e) {
logger .error( "conf file is not found!" , e);
} catch (IOException e) {
logger .error( "conf file can not be read!" , e);
}
}

@Override
public Eventintercept(Event event) {
++ eventCount ;
try {
if ( dynamicProp && eventCount > propMonitorInterval ) {
File file = new File( conf_path );
if (file.lastModified() > propLastModify ) {
propLastModify = file.lastModified();
Properties props = new Properties();
FileInputStream fis;
fis = new FileInputStream(file);
props.load(fis);
String strKey = props.getProperty( "keys" );
if (strKey != null ) {
String[] strkeys = strKey.split( "," );
List<String> keystmp = new LinkedList<String>();
for (String key : strkeys) {
keystmp.add(key);
}
if (keystmp.size() > keys .size()) {
keys = keystmp;
logger .info( "dynamicProp status updated = " + keys );
} else {
logger .error( "dynamicProp status new keys size less than old,so status update fail = "
+ keys );
}
} else {
logger .error( "dynamicProp status get keys fail ,so status update fail = "
+ keys );
}

}
}

Map<String, String> headers = event.getHeaders();
headers.put( "host" , hostname );
String body = new String(event.getBody());
if ( pattern != null ) {
StringBuffer stringBuffer = new StringBuffer();
Date date = null ;
Map<String, String> index = new HashMap<String, String>();
if ( matcher .contains(body, pattern )) {
index.put( "host" , hostname );
MatchResult result = matcher .getMatch();
index.put( "ip" , result.group(1));
try {
date = sdf .parse(result.group(2));
index.put( "loc_time" , sdfAll .format(date));
} catch (ParseException e1) {

}
String url = result.group(3).replaceAll( "," , "|" );
String[] params = url.split( "&" );
for (String param : params) {
String[] p = param.split( "=" );
if (p. length == 2) {
index.put(p[0], p[1]);
}
}
index.put( "browser" , result.group(4).replaceAll( "," , "|" ));
for (String key : keys ) {
if (index.containsKey(key)) {
stringBuffer.append(index.get(key) + "," );
} else {
stringBuffer.append( "~," );
}
}
if (stringBuffer.length() > 0) {
stringBuffer.deleteCharAt(stringBuffer.length() - 1);
} else {
stringBuffer.append( "error=" + body);
}

if (date != null ) {
headers.put( "dayStr" , sd .format(date));
headers.put( "hourStr" , sh .format(date));
Integer m = Integer.parseInt( sm .format(date));
String min = "" ;
if (m >= 0 && m < 10) {
min = "0" + (m / 5) * 5;
} else {
min = (m / 5) * 5 + "" ;
}
headers.put( "minStr" , min);
} else {
headers.put( "dayStr" , "errorLog" );
}
Event e = EventBuilder.withBody(stringBuffer.toString()
.getBytes(), headers);
return e;
}
}
} catch (Exception e) {
logger .error( "LogFormat error!" , e);
}
return null ;
}

@Override
public List<Event>intercept(List<Event> events) {
List<Event> list = new LinkedList<Event>();
for (Event event : events) {
Event e = intercept(event);
if (e != null ) {
list.add(e);
}
}
return list;
}

/**
* Builder which builds new instances of the HostInterceptor.
*/
public static class Builder implements Interceptor.Builder {

private String confPath ;
private boolean dynamicProp ;
private String hostname ;
private long propMonitorInterval ;

@Override
public Interceptor build() {
return new LogFormatInterceptor( confPath , dynamicProp , hostname ,
propMonitorInterval );
}

@Override
public void configure(Context context) {
confPath = context.getString( CONF_PATH );
dynamicProp = context.getBoolean( DYNAMICPROP , DYNAMICPROP_DFLT );
hostname = context.getString( HOSTNAME , HOSTNAME_DFLT );
propMonitorInterval = context.getLong( PROPMONITORINTERVAL ,
PROPMONITORINTERVAL_DFLT );
}

}

public static class Constants {

public static String CONF_PATH = "confpath" ;

public static String DYNAMICPROP = "dynamicprop" ;
public static boolean DYNAMICPROP_DFLT = false ;

public static String HOSTNAME = "hostname" ;
public static String HOSTNAME_DFLT = "hostname" ;

public static String PROPMONITORINTERVAL = "prop.monitor.rollInterval" ;
public static long PROPMONITORINTERVAL_DFLT = 500000l;

}

}
至此,获取nginx日志,进行格式化清洗,传输到collector机器,按照格式化的目录和文件名进行输出全部完成。
冷峰的空间
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
LogInterceptor.java
05-16
okhttp的拦截器,已打印请求方式,请求参数,请求头,请求地址,返回code,返回数据等,其他的可以自己添加
编写日志Interceptor,结合自定义注解
yudilan6的专栏
08-07 469
1.自定义注解Log import java.lang.annotation.*; /** * description: 操作日志记录 * @author dongqing * 2021/8/7 12:35 * * @version 1.0.0 */ @Target({ElementType.METHOD}) //如果不写,默认为RetentionPolicy.CLASS,另外源注解上的Retention对本注解无效 @Retention(RetentionPolicy.RUNTIME)
5-8 SpringBoot拦截器的使用
孤注一掷的博客
02-28 584
配置拦截器,打印接口耗时 新建: @Component public class LogInterceptor implements HandlerInterceptor { private static final Logger LOG = LoggerFactory.getLogger(LogInterceptor.class); @Override public boolean preHandle(HttpServletRequest request, H
Flume原理解析
weixin_34160277的博客
05-12 98
Flume原理解析阅读目录(Content)一、Flume简介二、Flume特点三、Flume的一些核心概念3.1、Agent结构  3.2、source3.3、Channel3.4、SinkFlume拦截器、数据流以及可靠性4.1、Flume拦截器4.2、Flume数据流4.3、Flume可靠性五、Flume使用场景5.1、多个agent顺序连接5.2、多个Agent的...
flume+kafka nginx日志系统搭建完整流程
Leon的博客
11-03 1431
Apache Flume + Zookeeper + Fafka中间件 + 持久化存储 。用 Apache Flume 获取 nginx 日志,设置 sources 为 tail -f access-log,设置 sink 为 kafka 集群 ,从kafka 中取数据 结果存入 redis/mongo/es ,提供 API查询 Nginx 日志 format 修改
Flume-ng-1.6.0-cdh.zip
04-08
Flume-ng-1.6.0-cdh.zip 内压缩了 3 个项目,分别为:flume-ng-1.6.0-cdh5.5.0.tar.gz、flume-ng-1.6.0-cdh5.7.0.tar.gz 和 flume-ng-1.6.0-cdh5.10.1.tar.gz,选择你需要的版本。
Flume-ng在windows环境搭建并测试+log4j日志通过Flume输出到HDFS.docx
06-10
Flume-ng在windows环境搭建并测试+log4j日志通过Flume输出到HDFS 11111
flume-ng-sql-source-release-1.5.2.zip
06-26
flume-ng-sql-source-release-1.5.2.jar 用flume-ng-sql-source 从数据库抽取数据到kafka,支持sql
flume-ng-log4jappender:定制log日志重定向到flume-ng
06-18
修改flume-ng-clients内源码,以便上传定制的log信息。 主要修改:在发送数据到flume-ng sink当中, header中添加主机名,服务名和时间戳信息. 后续会增加,对log的重新修改。
flume-ng-sql-source-1.5.3.jar
11-26
flume-ng-sql-source-1.5.3.jar,flume采集mysql数据jar包,将此文件拖入FLUME_HOME/lib目录下,如果是CM下CDH版本的flume,则放到/opt/cloudera/parcels/CDH-xxxx/lib/flume-ng/lib下,同样需要的包还有mysql-...
okhttp日志拦截器LoggingInterceptor
热门推荐
码农的成长
12-07 1万+
okhttp是目前使用及其广泛的android网络框架,可以由使用者高度定制,这是该框架最大的优势之一。okhttp的用法,就不在此累述了,今天给大家分享一下给okhttp添加日志拦截,打印的方法。先上代码:public class LoggingInterceptor implements Interceptor { @Override public Response inter
LogInterceptor 面向切面编程进行记录每个请求方法的响应时间
喜欢猪猪
08-13 1273
前言: 最近在搭建一个api的项目,由于在是由于的过程中,遇到cpu时间过高以及接口需要响应时间优化的问题,特意做了 一下时间统计的日志 代码 /** * @title: LogInterceptor * @Author like.ma * @Date: 2020-08-13 11:54 * @Version 1.0 */ @Aspect @Component public class LogInterceptor { /** * 环绕切面,记录service.impl下的所有...
spring mvc 使用拦截器interceptor和自定义Log实现持久层记录日志
I__Rookie的博客
03-17 6237
首先spring记录日志我所知道的有两种,一种是通过AOP,另一种是通过拦截器interceptor,我这次选择的是拦截器interceptor: 1.spring-mvc.xml文件中配置拦截器, <!-- 装配拦截器 --> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**/*
HttpLoggingInterceptor 拦截的log信息为unicode字符时的解决办法
BigManing的博客
09-07 5604
HttpLoggingInterceptor 拦截的log信息为unicode字符时的解决办法
Android 网络框架 HttpLoggingInterceptor优化
baiiu
09-11 8656
前言本篇文章提供了一个打印日志工具类,是基于凯子哥的KLog,对OkHttpHttpLoggingInterceptor做了小幅修改,使得打印出来的json语句更便于阅读,方便排查问题。 使用 1. 使用在初始化OkHttp时使用HttpLoggingInterceptorM类,我对原有的HttpLoggingInterceptor 做了一些小修改,使其更方便调用 LogUtil。然后在直接调用时就会在Monit
flume的intercepter作数据格式转换和清洗
bottle123的专栏
07-18 8840
最近在工作中,用到spark streaming做数据解析和实时的数据计算,由于数据量比较大,而计算资源有限,spark的处理性能总是跟不上。观察之后发现,数据格式的解析占用了大量时间。整个数据的流程是nginx -> flume -> kafka -> spark,除了数据量较大,spark 无法及时处理之外,还存在kafka各个partition的数据分布不均衡,spark的job只有少数几个
Flume自定义拦截器(Interceptors)或自带拦截器时的一些经验技巧总结(图文详解)...
weixin_34293246的博客
07-27 740
         不多说,直接上干货!   一、自定义拦截器类型必须是:类全名$内部类名,其实就是内部类名称   如:zhouls.bigdata.MySearchAndReplaceInterceptor$Builder 二、为什么这样写   至于为什么这样写:是因为Interceptor接口还有一个 公共的内部接口(Builder) ,所以自定义拦截器 要是实现 Build...
OkHttp Log Interceptor
weixin_33953384的博客
06-29 361
为什么80%的码农都做不了架构师?>>> ...
flume使用之flume+hive 实现日志离线收集、分析
赶路人儿
09-29 9935
在如今互联网行业中,数据的收集特别是日志数据的收集已经成为了系统的标配。将用户行为日志或者线上系统生产的数据通过flume收集起来,存放到数据仓库(hive)中,然后离线通过sql进行统计分析,这一套数据流的建设对系统有非常重要的意义。   1、思路: 1)线上系统通过log4j将数据打印到本地磁盘上; 2)在线上系统服务器上安装flume,作为agent使用exec source将线上系...
添加flume相关的依赖,如flume-ng-sdk、avro和log4j
最新发布
06-10
<artifactId>flume-ng-sdk <version>1.9.0 <groupId>org.apache.flume.flume-ng-configuration <artifactId>flume-ng-configuration <version>1.9.0 <groupId>org.apache.flume.flume-ng-core ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值