nginx(複数) → fluentd → fluentd → elasticsearch → kibanaをするメモ

#nginx #fluentd #elasticsearch #kibana

前提：受信側(esとかkibanaとかある方)はdockerを使います

repo：https://github.com/Ras96/isucon-dashboard (今はprivate)

先にes,kibanaを立てたけどfluentd先にやった方がよかったかも

https://github.com/Ras96/isucon-dashboard/commit/918a77c47e6a7b45a61ea37ee41d396681ba218b

f→fは@type forwardってのを使うといいらしい

受信側でずっと書き込みエラー出てた

code:log

server-fluentd-1 | 2022-06-10 02:21:14 +0000 error: config error file="/fluentd/etc/fluent_receiver.conf" error_class=Fluent::ConfigError error="out_file: /var/log/fluentd/access_log.20220610_**.log is not writable"

fluentdの設定を path /var/log/fluentd/access_logにしてるのがよくなくてpath /fluentd/log/access_logにすることで解決(/fluentd/logは最初から用意されているので)

参考：https://github.com/fluent/fluentd-docker-image/blob/4b0aa64fc07f8510d4b2886b3270649a31901b77/v1.14/debian/Dockerfile#L45-L50

というかvolumeでマウントするとだめらしい

とりあえず送信側をいい感じに実装した

https://github.com/Ras96/isucon-dashboard/commit/c19b0004e22b315986ff6f9fd1548536f4a86c1c

受信側を実装する

エラー出た：max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

https://mebee.info/2020/04/13/post-9135/

手元のPCでやると死ぬ予感がする

fluentdからhttpでesに飛ばしてるのでエラーが出る

code:log

server-fluentd-1 | 2022-06-10 06:00:26 +0000 warn: #0 Could not communicate to Elasticsearch, resetting connection and trying again. EOFError (EOFError)

server-fluentd-1 | 2022-06-10 06:00:26 +0000 warn: #0 Remaining retry: 11. Retry to communicate after 16 second(s).

server-es-1 | {"type": "server", "timestamp": "2022-06-10T06:00:26,053Z", "level": "WARN", "component": "o.e.x.s.t.n.SecurityNetty4HttpServerTransport", "cluster.name": "docker-cluster", "node.name": "es", "message": "received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.168.64.3:9200, remoteAddress=/192.168.64.4:50978}", "cluster.uuid": "4y0Jj6pgSUWU2mrxEm6Z2Q", "node.id": "wrivqxLqTHS8xX7lvTZuyQ" }

esがhttpsを要求してるのでそれはそうだった

docker-compose.ymlに書いた設定も公式をコピペしただけなのでちゃんと考える

dockercomposeのfluentdのenviromentsに

code:yml

- SSL_CERT_FILE=/fluentd/certs/ca/ca.crt

を書いたら通った、なんでここだけ環境変数なんだ、、

Action/metadata line [1] contains an unknown parameter [_type]というエラーが出る

suppress_type_name trueをつけると治るらしい

治らないが

全部7.13に下げたら治った

8にあげたいので上げる

8.2.2だと

code:log

fluentd | 2022-06-11 02:44:52 +0000 error: #0 config error file="/fluentd/etc/fluent_receiver.conf" error_class=Fluent::ConfigError error="Using Elasticsearch client 8.2.2 is not compatible for your Elasticsearch server. Please check your using elasticsearch gem version and Elasticsearch server."

のエラーがずっと出るので無理やり

code:fluent.conf

default_elasticsearch_version 8.2.2

verify_es_version_at_startup false

をしたけど多分あんまりよくない

https://github.com/uken/fluent-plugin-elasticsearch/issues/847

The client noticed that the server is not Elasticsearch and we do not support this unknown productがでた

メモ

code:log

{"type": "deprecation.elasticsearch", "timestamp": "2022-06-24T02:11:35,172Z", "level": "DEPRECATION", "component": "o.e.d.c.m.IndexNameExpressionResolver", "cluster.name": "docker-cluster", "node.name": "es", "message": "this request accesses system indices: .async-search, .security-7, .tasks, but in a future major version, direct access to system indices will be prevented by default", "x-opaque-id": "d2bfaa71-48b5-4c76-ab3d-2a882519eec6", "cluster.uuid": "soFgmhv0S--RbOxObtjRKw", "node.id": "6CX-IZ1aQECx0KzhXT8ymw" }

その後なんやかんやあってfluentd(ruby製)をfluent-bit(C製)にしました

そのメモはどこかで、、、