Vector 是一个高速、可扩展的数据管道工具,用于收集、转换和传输日志、指标、事件等数据。它支持将不同来源的数据(如应用程序日志、系统指标等)聚合并发送到各种目标(如数据库、监控系统)。Vector 的优势在于其灵活的配置和高效的数据处理能力,使得用户能够轻松构建复杂的数据管道,并在流量高峰时确保系统稳定。
vector 安装 与 日志采集 - 简书 (jianshu.com)
部署Vector采集日志(docker 安装 vector)
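# 1. Create the deployment directory and the files that docker-compose.yaml mounts.
mkdir -p /opt/vector/conf && cd /opt/vector
# Pre-create the error log so Docker bind-mounts a regular file; a missing
# bind source would otherwise be created as a directory.
touch access_vector_error.log
# GeoLite2 City database used for GeoIP enrichment. The original command gave
# no URL, so wget had nothing valid to fetch. Substitute the download location
# you are licensed to use, and compare the file's checksum with the value
# published by that source before mounting it into the container.
wget -O GeoLite2-City.mmdb "<GEOLITE2_CITY_MMDB_DOWNLOAD_URL>"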
docker-compose.yaml
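# Write docker-compose.yaml. The heredoc delimiter is quoted so the shell never
# expands anything inside the YAML, and the nesting is spelled out with spaces.
cat <<'EOF' > docker-compose.yaml
services:
  vector:
    # This is a third-party registry namespace, not the upstream project's own
    # repository; presumably a mirror of the official image. Verify that, and
    # consider pinning by digest (image@sha256:<IMAGE_DIGEST>) so the tag
    # cannot be silently replaced.
    image: registry.cn-shenzhen.aliyuncs.com/starsl/vector:0.41.1-alpine
    container_name: vector
    hostname: vector
    restart: always
    entrypoint: vector --config-dir /etc/vector/conf
    ports:
      # Vector API port. vector.yaml configures no authentication for it, so
      # it is published on the host's loopback interface only. To reach it
      # from other machines, put it behind a firewall rule or an
      # authenticating proxy rather than publishing it on every interface.
      # Quoted so YAML 1.1 parsers cannot misread the digits-and-colons form.
      - "127.0.0.1:8686:8686"
    volumes:
      # Host path of the logs to collect; must be mounted into the container.
      # Read-only: the file source only reads these files.
      - /usr/local/openresty/nginx/logs:/nginx_logs:ro
      # Written by the 04_out_nginx_dropped sink, so it stays writable.
      - /opt/vector/access_vector_error.log:/tmp/access_vector_error.log
      - /opt/vector/GeoLite2-City.mmdb:/etc/vector/GeoLite2-City.mmdb:ro
      - /opt/vector/conf:/etc/vector/conf:ro
      - /usr/share/zoneinfo/PRC:/etc/localtime:ro
EOF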
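# Collection configuration lives in the conf directory, which docker-compose.yaml
# mounts at /etc/vector/conf.
cd /opt/vector/conf
# Quoted delimiter: nothing inside the YAML is expanded by the shell.
cat <<'EOF' > vector.yaml
timezone: "Asia/Shanghai"
api:
  enabled: true
  # Listens on every interface inside the container so the port published by
  # docker-compose.yaml can reach it. No authentication is configured here, so
  # restrict who can reach port 8686 on the host (loopback-only publishing or a
  # firewall rule).
  address: "0.0.0.0:8686"
EOF
# Create nginx-access.yaml and paste in the pipeline configuration that follows.
vi nginx-access.yaml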
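sources:
  01_file_nginx_access:
    type: file
    include:
      # nginx access log, at the path where the host log directory is mounted
      # inside the container.
      - /nginx_logs/access.log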
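transforms:
  02_parse_nginx_access:
    # An event whose VRL program aborts is removed from the main output and
    # re-emitted on the `.dropped` output (consumed by 04_out_nginx_dropped)
    # instead of being forwarded half-parsed.
    drop_on_error: true
    reroute_dropped: true
    type: remap
    inputs:
      - 01_file_nginx_access
    source: |
      # Every field parsed below originates from the HTTP request and is
      # attacker-controlled; downstream consumers should treat the stored
      # values as untrusted text.
      .message = string!(.message)
      # Double the backslash of any \x sequence so the line parses as JSON.
      if contains(.message,"\\x") { .message = replace(.message, "\\x", "\\\\x") }
      . = parse_json!(.message)
      .createdtime = to_unix_timestamp(now(), unit: "milliseconds")
      .timestamp = to_unix_timestamp(parse_timestamp!(.timestamp , format: "%+"), unit: "milliseconds")
      # Split the URL into path and query string. NOTE(review): query strings
      # can carry tokens or personal data; confirm storing .query is acceptable.
      .url_list = split!(.url, "?", 2)
      .path = .url_list[0]
      .query = .url_list[1]
      .path_list = split!(.path, "/", 3)
      if length(.path_list) > 2 {.top_path = join!(["/", .path_list[1]])} else {.top_path = "/"}
      # Response time minus upstream time; a value that is not numeric counts as 0.
      .duration = round(((to_float(.responsetime) ?? 0) - (to_float(.upstreamtime) ?? 0)) ?? 0,3)
      if .xff == "-" { .xff = .remote_ip }
      # NOTE(review): the first X-Forwarded-For entry is supplied by the client
      # and can be forged unless a trusted proxy overwrites the header. Treat
      # .client_ip and the GeoIP fields derived from it as informational, and
      # use .remote_ip for security decisions.
      .client_ip = split!(.xff, ",", 2)[0]
      .ua = parse_user_agent!(.http_user_agent , mode: "enriched")
      .client_browser_family = .ua.browser.family
      .client_browser_major = .ua.browser.major
      .client_os_family = .ua.os.family
      .client_os_major = .ua.os.major
      .client_device_brand = .ua.device.brand
      .client_device_model = .ua.device.model
      # Look up the client IP in geoip_table; on failure fall back to "unknown"
      # names (latitude and longitude are absent from the fallback record).
      .geoip = get_enrichment_table_record("geoip_table", {"ip": .client_ip}) ?? {"city_name":"unknown","region_name":"unknown","country_name":"unknown"}
      .client_city = .geoip.city_name
      .client_region = .geoip.region_name
      .client_country = .geoip.country_name
      .client_latitude = .geoip.latitude
      .client_longitude = .geoip.longitude
      # Drop the intermediate fields so they are not sent to the sink.
      del(.path_list)
      del(.url_list)
      del(.ua)
      del(.geoip)
      del(.url)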
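sinks:
  03_ck_nginx_access:
    type: clickhouse
    inputs:
      - 02_parse_nginx_access
    # ClickHouse HTTP interface. Plain http:// sends the basic-auth credentials
    # below unencrypted; use an https:// endpoint if the server offers one and
    # the network path is not fully trusted.
    endpoint: http://10.7.0.26:8123
    database: nginxlogs  # ClickHouse database
    table: nginx_access  # ClickHouse table
    auth:
      strategy: basic
      # ClickHouse user. Prefer a dedicated account limited to inserting into
      # this table over the built-in `default` account.
      user: default
      # ClickHouse password. The literal password that was written here has
      # been published and should be treated as compromised; rotate it. The
      # value is now read from the CLICKHOUSE_PASSWORD environment variable,
      # which must be passed to the Vector container (for example through
      # `environment:` or `env_file:` in docker-compose.yaml).
      password: "${CLICKHOUSE_PASSWORD}"
    compression: gzip
  04_out_nginx_dropped:
    type: file
    inputs:
      - 02_parse_nginx_access.dropped
    # Events that failed parsing. They are raw request data, so restrict who
    # can read this file.
    path: /tmp/access_vector_error.log
    encoding:
      codec: json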
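enrichment_tables:
  # Table queried by get_enrichment_table_record("geoip_table", ...) in the
  # remap transform. The path is where docker-compose.yaml mounts the database
  # inside the container.
  geoip_table:
    path: "/etc/vector/GeoLite2-City.mmdb"
    type: geoip
    locale: "zh-CN"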