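This sample Fluent Bit configuration file

Note the following:

- The host value must be the pipeline endpoint. For example, pipeline-endpoint.us-east-1.osis.amazonaws.com.
- The aws_service value must be osis.
- The aws_role_arn value is the ARN of the AWS IAM role that the client assumes and uses for Signature Version 4 authentication.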

[INPUT]
    name              tail
    refresh_interval  5
    path              /var/log/test.log
    read_from_head    true

[OUTPUT]
    Name          http
    Match         *
    # Must be the pipeline endpoint
    Host          pipeline-endpoint.us-east-1.osis.amazonaws.com
    Port          443
    URI           /log/ingest
    Format        json
    aws_auth      true
    aws_region    us-east-1
    # Must be osis
    aws_service   osis
    # IAM role that the client assumes for Signature Version 4 authentication
    aws_role_arn  arn:aws:iam::account-id:role/ingestion-role
    Log_Level     trace
    tls           On

You can then configure an OpenSearch Ingestion pipeline like the following, which uses HTTP as its source:

version: "2"
unaggregated-log-pipeline:
  source:
    http:
      path: "/log/ingest"
  processor:
    - grok:
        match:
          log:
            - "%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:network_node} %{NOTSPACE:network_host} %{IPORHOST:source_ip}:%{NUMBER:source_port:int} -> %{IPORHOST:destination_ip}:%{NUMBER:destination_port:int} %{GREEDYDATA:details}"
    - grok:
        match:
          details:
            - "'%{NOTSPACE:http_method} %{NOTSPACE:http_uri}' %{NOTSPACE:protocol}"
            - "TLS%{NOTSPACE:tls_version} %{GREEDYDATA:encryption}"
            - "%{NUMBER:status_code:int} %{NUMBER:response_size:int}"
    - delete_entries:
        with_keys: ["details", "log"]
  sink:
    - opensearch:
        hosts: ["https://search-domain-endpoint.us-east-1.es.amazonaws.com"]
        index: "index_name"
        index_type: custom
        bulk_size: 20
        aws:
          # IAM role that the pipeline assumes to access the domain sink
          sts_role_arn: "arn:aws:iam::account-id:role/pipeline-role"
          region: "us-east-1"
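
The following added example (not part of the original page and not AWS code) mimics the pipeline's two grok stages and the delete_entries step in Python over constructed log lines, so you can check what the sink would receive. The regexes are simplified stand-ins for the grok patterns, and the code assumes that grok leaves a non-matching event unchanged, that the first matching pattern wins, and that delete_entries runs on every event.

```python
import re

# Simplified regex stand-ins for the grok patterns in the pipeline (assumption:
# the real grok definitions are broader, e.g. IPORHOST also accepts IPv6).
HOST = r"[A-Za-z0-9.\-]+"
STAGE1 = re.compile(
    r"(?P<timestamp>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?) "
    r"(?P<network_node>\S+) (?P<network_host>\S+) "
    rf"(?P<source_ip>{HOST}):(?P<source_port>\d+) -> "
    rf"(?P<destination_ip>{HOST}):(?P<destination_port>\d+) (?P<details>.*)"
)
# Second grok stage: alternatives tried in order, first match wins (assumption).
STAGE2 = [
    re.compile(r"'(?P<http_method>\S+) (?P<http_uri>\S+)' (?P<protocol>\S+)"),
    re.compile(r"TLS(?P<tls_version>\S+) (?P<encryption>.*)"),
    re.compile(r"(?P<status_code>\d+) (?P<response_size>\d+)"),
]
INT_FIELDS = {"source_port", "destination_port", "status_code", "response_size"}

# Constructed sample input; the last line deliberately matches no pattern.
SAMPLE_LINES = [
    "2023-05-01T12:00:00Z node1 host1 192.0.2.10:44321 -> 198.51.100.7:443 'GET /index.html' HTTP/1.1",
    "2023-05-01T12:00:01Z node1 host1 192.0.2.10:44321 -> 198.51.100.7:443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256",
    "2023-05-01T12:00:02Z node1 host1 198.51.100.7:443 -> 192.0.2.10:44321 200 1024",
    "malformed line without the expected layout",
]


def process(event):
    """Apply both grok stages, then delete_entries, to one {"log": ...} event."""
    out = dict(event)
    m = STAGE1.search(out.get("log", ""))
    if m:
        out.update(m.groupdict())
        for pattern in STAGE2:
            m2 = pattern.search(out["details"])
            if m2:
                out.update(m2.groupdict())
                break
    for key in INT_FIELDS & out.keys():
        out[key] = int(out[key])  # the ":int" suffix in the grok patterns
    for key in ("details", "log"):  # delete_entries with_keys, applied unconditionally
        out.pop(key, None)
    return out


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(process({"log": line}))
```

Under these assumptions the malformed line comes out as an empty event, because delete_entries removes the raw log field even though no grok pattern matched it. Test your patterns against real log samples before relying on this pipeline for security telemetry.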