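Using an OpenSearch Ingestion pipeline with Fluent Bit
This sample Fluent Bit configuration file
Note the following:
- The `host` value must be your pipeline endpoint. For example, `pipeline-endpoint.us-east-1.osis.amazonaws.com`.
- The `aws_service` value must be `osis`.
- The `aws_role_arn` value is the ARN of the IAM role that the client assumes and uses for Signature Version 4 authentication.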
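```
# Tail the log file, reading it from the beginning
[INPUT]
  name              tail
  refresh_interval  5
  path              /var/log/test.log
  read_from_head    true

# Send records to the pipeline endpoint over TLS, signed with Signature Version 4
[OUTPUT]
  Name          http
  Match         *
  Host          pipeline-endpoint.us-east-1.osis.amazonaws.com
  Port          443
  URI           /log/ingest
  Format        json
  aws_auth      true
  # "region" and "account-id" are placeholders
  aws_region    region
  aws_service   osis
  aws_role_arn  arn:aws:iam::account-id:role/ingestion-role
  Log_Level     trace
  tls           On
```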
You can then configure an OpenSearch Ingestion pipeline like the following, which has HTTP as the source:
```
version: "2"
unaggregated-log-pipeline:
  source:
    http:
      # Same path as the URI in the Fluent Bit [OUTPUT] section
      path: "/log/ingest"
  processor:
    # Split each raw line into connection fields plus a trailing "details" field
    - grok:
        match:
          log:
            - "%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:network_node} %{NOTSPACE:network_host} %{IPORHOST:source_ip}:%{NUMBER:source_port:int} -> %{IPORHOST:destination_ip}:%{NUMBER:destination_port:int} %{GREEDYDATA:details}"
    # Parse "details" as an HTTP request, a TLS record, or a status/size pair
    - grok:
        match:
          details:
            - "'%{NOTSPACE:http_method} %{NOTSPACE:http_uri}' %{NOTSPACE:protocol}"
            - "TLS%{NOTSPACE:tls_version} %{GREEDYDATA:encryption}"
            - "%{NUMBER:status_code:int} %{NUMBER:response_size:int}"
    # Remove the raw line and the intermediate field
    - delete_entries:
        with_keys: ["details", "log"]
  sink:
    - opensearch:
        hosts: ["https://search-domain-endpoint.us-east-1.es.amazonaws.com"]
        index: "index_name"
        index_type: custom
        bulk_size: 20
        aws:
          region: "region"
```
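The following Python sketch is an added example, not part of the original page or of OpenSearch Ingestion. It emulates the processor chain above (grok on `log`, grok on `details`, then `delete_entries`) to show which lines in `/var/log/test.log` the patterns accept and which fields reach the sink. The regexes are simplified stand-ins for the grok patterns, matching is approximated with a regex search, and the sample lines are constructed; in this emulation a line that matches no pattern is left with no fields once `log` is deleted.

```python
import re
# Simplified stand-ins for the grok patterns (assumption: the real definitions
# are broader, e.g. IPORHOST also accepts IPv6 and NUMBER accepts decimals).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?",
    "NOTSPACE": r"\S+",
    "IPORHOST": r"[0-9A-Za-z][0-9A-Za-z.\-]*",
    "NUMBER": r"[+-]?\d+",
    "GREEDYDATA": r".*",
}
TOKEN = re.compile(r"%\{(\w+):(\w+)(?::(\w+))?\}")
LOG_PATTERNS = ["%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:network_node} "
    "%{NOTSPACE:network_host} %{IPORHOST:source_ip}:%{NUMBER:source_port:int} -> "
    "%{IPORHOST:destination_ip}:%{NUMBER:destination_port:int} %{GREEDYDATA:details}"]
DETAILS_PATTERNS = [
    "'%{NOTSPACE:http_method} %{NOTSPACE:http_uri}' %{NOTSPACE:protocol}",
    "TLS%{NOTSPACE:tls_version} %{GREEDYDATA:encryption}",
    "%{NUMBER:status_code:int} %{NUMBER:response_size:int}",
]

def grok(event, key, patterns):
    # Merge captures from the first pattern that matches event[key].
    for pattern in patterns:
        casts = {}
        def to_group(m):
            if m.group(3) == "int":
                casts[m.group(2)] = int
            return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
        found = re.search(TOKEN.sub(to_group, pattern), event.get(key, ""))
        if found:
            for name, value in found.groupdict().items():
                event[name] = casts.get(name, str)(value)
            return

def run_pipeline(line):
    # Emulate grok(log) -> grok(details) -> delete_entries for one record.
    event = {"log": line}  # the raw line arrives in the "log" key
    grok(event, "log", LOG_PATTERNS)
    grok(event, "details", DETAILS_PATTERNS)
    for key in ("details", "log"):
        event.pop(key, None)
    return event

# Constructed sample lines: one per "details" pattern, plus one that matches nothing.
PREFIX = "2024-01-15T10:22:31Z node-1 host-a 10.0.0.5:51234 -> 10.0.0.9:443 "
SAMPLES = [PREFIX + "'GET /index.html' HTTP/1.1", PREFIX + "200 5120",
           PREFIX + "TLSv1.3 TLS_AES_256_GCM_SHA384", "unparseable line"]
if __name__ == "__main__":
    print(*map(run_pipeline, SAMPLES), sep="\n")
```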