[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Go to Qiita Advent Calendar 2024 Top
LoginSignup
17
16

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@mazgi(Hidenori MATSUKI)in株式会社ディー・エヌ・エー

#Fluentd + #Norikra でaccess.logとかdstatを扱うめも

Posted at

あとでblog書く、たぶん。
とりあえず途中経過メモ。

nginxの設定

LTSVで扱いたいのでこちらを参考にこんな設定ファイル書いて、

# cat /etc/nginx/log_format.conf 
log_format ltsv 'time:$time_iso8601'
  '\tremote_addr:$remote_addr'
  '\trequest_method:$request_method'
  '\trequest_length:$request_length'
  '\trequest_uri:$request_uri'
  '\thttps:$https'
  '\turi:$uri'
  '\tquery_string:$query_string'
  '\tstatus:$status'
  '\tbytes_sent:$bytes_sent'
  '\tbody_bytes_sent:$body_bytes_sent'
  '\treferer:$http_referer'
  '\tuseragent:$http_user_agent'
  '\tforwardedfor:$http_x_forwarded_for'
  '\trequest_time:$request_time'
  '\tupstream_response_time:$upstream_response_time'
;

nginx.confでincludeする。

# grep log_format.conf /etc/nginx/nginx.conf 
  include /etc/nginx/log_format.conf;

対象のスコープでこんな感じに指定。

# grep ltsv /etc/nginx/conf.d/default.conf 
  access_log /var/log/path/to/nginx/access.log ltsv;

fluentdの設定

とりあえずこんな感じ。
まだ試験段階なので各種intervalは短め。

access.logの整数や少数で扱いたい(==String以外)項目はtypesディレクティブで指定する

# cat /etc/td-agent/td-agent.conf
<source>
  type tail
  format ltsv
  tag com.example.srv01.nginx.access
  types request_length:integer,status:integer,bytes_sent:integer,body_bytes_sent:integer,request_time:float,upstream_response_time:float
  path /var/log/path/to/nginx/access.log
  pos_file /var/log/td-agent/nginx/access.log.pos
</source>

<source>
  type dstat
  tag com.example.srv01.dstat
  delay 10
</source>

<match com.example.srv01.**>
  type secure_forward
  shared_key SECURE_FORWARD_PASS
  self_hostname srv01.example.com
  flush_interval 10s
  <server>
    host collector.example.com
    port 24284
  </server>
</match>

norikraのクエリ

fluent-plugin-dstatの出力がこんな感じのJSONなのでちょっと悩んだ。

{
    "dstat": {
        "cpu0 usage": {
            "hiq": "0.0", 
            "idl": "12.345", 
            "siq": "1.234", 
            "sys": "2.3345", 
            "usr": "34.567", 
            "wai": "0.0"
        }, 
        "dsk/sda": {
            "read": "0.0", 
            "writ": "1234.500"
        }, 
        "memory usage": {
            "buff": "142844.0", 
            "cach": "227464.0", 
            "free": "16268.0", 
            "used": "2039700.0"
        }, 
        "net/dummy0": {
            "recv": "0.0", 
            "send": "0.0"
        }
    }, 
    "hostname": "srv01"
}

けどnorikra作者のモリスさんにそのまま扱えると教えていただいて、なんとそのまま扱えてしまった。

select avg(Float.valueOf(dstat.cpu0_usage.usr)) from TARGET_NAME.win:time_batch(1 min)

みたいに書けてすばらしい!

17
16
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
17
16

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?