01 架构搭建
搭建vector 和 openobserve¶
- vector: 负责日志采集
- openobserve : 负责日志展示
1.0 搭建openobserve¶
参考官方文档:https://openobserve.ai/docs/
1、 使用 docker-compose 搭建, docker-compose.yml 文件配置如下
services:
openobserve:
image: dockerhub.testcmzhu.cn:5000/3rdpartyimages/public.ecr.aws/zinclabs/openobserve:latest
deploy:
resources:
limits:
cpus: '2'
memory: 4Gi
reservations:
cpus: '0.25'
memory: 200M
restart: unless-stopped
environment:
ZO_ROOT_USER_EMAIL: "root@example.com"
ZO_ROOT_USER_PASSWORD: "Complexpass#123"
ports:
- "5080:5080"
volumes:
- ${PWD}/data:/data
networks:
- openobserve
networks:
openobserve:
driver: bridge
2、 使用docker-compose 命令启动服务
$ docker-compose up -d
3、 检查服务运行
# 检查容器是否正常运行
$ docker-compose ps
# 检查端口状态
$ telnet 127.0.0.1 5080
# 浏览器访问该服务
2.0 搭建 vector 采集服务器¶
参考文档: https://vector.dev/docs/setup/installation/platforms/docker/
1、部署使用的docker-compose.yml
---
version: '3.1'
services:
vector:
image: dockerhub.testcmzhu.cn:5000/3rdpartyimages/docker.io/timberio/vector:0.40.0-debian
volumes:
- ${PWD}/vector.yaml:/etc/vector/vector.yaml:ro
- ${PWD}/services/logs:/var/lib/service/logs:ro
- ${PWD}/service2/logs:/var/lib/service2/logs:ro
ports:
- "8686:8686"
privileged: true
deploy:
resources:
limits:
cpus: '0.5'
memory: 500M
reservations:
cpus: '0.25'
memory: 200M
restart: always
container_name: vector
networks:
- vector
networks:
vector:
driver: bridge
2、 为vector 准备的配置文件如下, vector.yaml , 并将其和docker-compose.yaml 放置在同一个文件夹下
api:
enabled: true
address: 0.0.0.0:8686
sources:
demo_logs:
type: demo_logs
interval: 1
format: json
cmzhu_log_file_source:
type: "file"
include:
- "/var/lib/service/logs/auto-testing-platform-error.log" # supports globbing
ignore_older_secs: 8640
transforms:
# 用于合并没有日期的行,将没有日期的行合并到上一个有日期的行,合并为同一条数据
cmzhu_log_file_transform_reduce:
inputs:
- cmzhu_log_file_source
type: reduce
starts_when: match(string!(.message), r'^[0-9]{4}-[0-9]{2}-[0-9]{2}')
# 这里的配置可能需要根据你的需求进行调整
expire_after_ms: 10000 # 10秒后,如果没有新的日志行,事件会过期
flush_period_ms: 10000 # 强制每10秒将当前事件输出
max_events: 500 # 最多合并500个事件
merge_strategies:
message: "concat_newline"
# 处理日期, 将tampstamp 配置修改为日志文件的日期
cmzhu_log_file_transform_remap:
inputs:
- cmzhu_log_file_transform_reduce
type: remap
source: |
match = parse_regex!(.message, r'(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})')
# 提取日期字符串并将其转换为 timestamp
.timestamp = parse_timestamp!(match.date, format: "%Y-%m-%d %H:%M:%S")
.timestamp_end = parse_timestamp!(match.date, format: "%Y-%m-%d %H:%M:%S")
sinks:
console:
inputs:
- cmzhu_log_file_transform_remap
target: stdout
type: console
encoding:
codec: json
openobserve_log_sink:
type: "http"
inputs:
- cmzhu_log_file_transform_remap
uri: "http://127.0.0.1:5080/api/default/openobserve_log/_json"
method: "post"
auth:
strategy: "basic"
user: "root@example.com"
password: "Complexpass#123"
encoding:
codec: json
compression: "gzip"
healthcheck:
enabled: false
3、 使用docker-compose 命令启动服务
$ docker-compose up -d
4、 检查服务运行
# 检查容器是否正常运行
$ docker-compose ps
或者直接去openobserve 中去访问查看日志