Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows.
- Flume: Cloudera/Apache, Java
- Scribe: Facebook, C/C++, no longer maintained
- Chukwa: Yahoo/Apache, Java, no longer maintained
- Fluentd: Ruby
- Logstash: ELK (ElasticSearch, Kibana)
Apache open-source community issue tracker: https://issues.apache.org
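2) Channel: aggregation; holds the data somewhere (memory channel, file channel, Kafka channel)
3) Sink: output (hdfs, hive, avro, es, hbase, kafka)
Install Flume (archive.cloudera.com/cdh5/cdh/5/flume-ng-1.6.0-cdh5.7.0.tar.gz)
Configuration: flume-env.sh.template (JAVA_HOME needs to be set here; echo $JAVA_HOME shows its current value)
A channel can output to only one sink
Requirement 1: read input from ssh and output it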
a1.sources = r1
a1.sinks = k1
a1.channels = c1
# Describe/configure the source
a1.sources.r1.type = netcat
a1.sources.r1.bind = localhost
a1.sources.r1.port = 44444
# Describe the sink
a1.sinks.k1.type = logger
# Use a channel which buffers events in memory
a1.channels.c1.type = memory
a1.channels.c1.capacity = 1000
a1.channels.c1.transactionCapacity = 100
# Bind the source and sink to the channel
a1.sources.r1.channels = c1
a1.sinks.k1.channel = c1
Start the agent
Test after startup: telnet iz2zef94dnmkl8kf3l63r9z 44444
Event:{ headers:{ } body:68 65 6c 6c 6f 0D hello. }
An Event is the basic unit of data transfer in Flume. Event = optional headers + byte array
Requirement 2: monitor a file for content appended in real time
exec source + memory channel + logger sink
# Name the components on this agent
a1.sources = r1
a1.sinks = k1
a1.channels = c1
# Describe/configure the source
a1.sources.r1.type = exec
a1.sources.r1.command = tail -F /root/flume-test.log
a1.sources.r1.shell = /bin/sh -c
# Describe the sink
a1.sinks.k1.type = logger
# Use a channel which buffers events in memory
a1.channels.c1.type = memory
# Bind the source and sink to the channel
a1.sources.r1.channels = c1
a1.sinks.k1.channel = c1
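Requirement 3: collect the logs of server A onto server B (key point to master)
Flume on machine A: exec source + memory channel + avro sink
Flume on machine B: avro source + memory channel + logger sink
(Cross-node link: the Avro sink must be given the IP and port of the Avro source)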
# Name the components on this agent
exec-memory-avro.sources = exec-source
exec-memory-avro.sinks = avro-sink
exec-memory-avro.channels = memory-channel
# Describe/configure the source
exec-memory-avro.sources.exec-source.type = exec
exec-memory-avro.sources.exec-source.command = tail -F /root/flume-test.log
exec-memory-avro.sources.exec-source.shell = /bin/sh -c
# Describe the sink
exec-memory-avro.sinks.avro-sink.type = avro
exec-memory-avro.sinks.avro-sink.hostname = localhost
exec-memory-avro.sinks.avro-sink.port = 44444
# Use a channel which buffers events in memory
exec-memory-avro.channels.memory-channel.type = memory
# Bind the source and sink to the channel
exec-memory-avro.sources.exec-source.channels = memory-channel
exec-memory-avro.sinks.avro-sink.channel = memory-channel
# Name the components on this agent
avro-memory-logger.sources = avro-source
avro-memory-logger.sinks = logger-sink
avro-memory-logger.channels = memory-channel
# Describe/configure the source
avro-memory-logger.sources.avro-source.type = avro
avro-memory-logger.sources.avro-source.bind = localhost
avro-memory-logger.sources.avro-source.port = 44444
# Describe the sink
avro-memory-logger.sinks.logger-sink.type = logger
# Use a channel which buffers events in memory
avro-memory-logger.channels.memory-channel.type = memory
# Bind the source and sink to the channel
avro-memory-logger.sources.avro-source.channels = memory-channel
avro-memory-logger.sinks.logger-sink.channel = memory-channel
(1) Start avro-memory-logger first, so that it is listening on port 44444
(3) Append content to the text file and check the output
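
An offline check for agent files like the ones above, added here as an example (it is not part of the original notes or of Flume). It flags a `#` comment fused onto a value line, sources and sinks wired to a channel the agent never declares, and netcat/avro sources listening beyond loopback without the Avro source's `ssl = true`. The names parse and audit and the issue labels are assumptions made for this example.

```python
LISTENERS = {"netcat", "avro"}            # source types on this page that open a socket
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse(text):
    """Read key = value pairs; as in Java properties, '#' starts a comment only at line start."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted (component, issue) findings for the agents defined in text."""
    props = parse(text)
    # A comment fused onto a value line becomes part of the value.
    out = {(k, "inline-comment") for k, v in props.items() if "#" in v}
    for agent in {k.split(".")[0] for k in props}:
        declared = set(props.get(f"{agent}.channels", "").split())
        for src in props.get(f"{agent}.sources", "").split():
            p = f"{agent}.sources.{src}"
            for ch in props.get(f"{p}.channels", "").split():
                if ch not in declared:
                    out.add((p, f"undeclared-channel:{ch}"))
            bind = props.get(f"{p}.bind", "")
            encrypted = props.get(f"{p}.type") == "avro" and props.get(f"{p}.ssl") == "true"
            if props.get(f"{p}.type") in LISTENERS and bind not in LOOPBACK and not encrypted:
                out.add((p, f"plaintext-listener:{bind}"))
        for snk in props.get(f"{agent}.sinks", "").split():
            ch = props.get(f"{agent}.sinks.{snk}.channel", "")
            if ch not in declared:
                out.add((f"{agent}.sinks.{snk}", f"undeclared-channel:{ch}"))
    return sorted(out)

# Constructed sample: a comment fused onto the channels line, and an avro source on all interfaces.
SAMPLE = """\
a1.sources = r1
a1.sinks = k1
a1.channels = c1# Use a channel which buffers events in memory
a1.sources.r1.type = avro
a1.sources.r1.bind = 0.0.0.0
a1.sources.r1.channels = c1
a1.sinks.k1.type = logger
a1.sinks.k1.channel = c1
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The fused comment is reported once directly and twice indirectly: because the declared channel list no longer contains `c1`, both the source and the sink end up bound to an undeclared channel.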