- Data Collection
- Introduction
- 1. Overview
-
2.
Use Cases
- 2.1. Centralized App Logging
- 2.2. Log Management & Search
- 2.3. Secure Log Forwarding
- 2.4. Log Filtering and Alerting
- 2.5. Big Data Analytics
- 2.6. Data Archiving to S3
- 2.7. Data Collection to MongoDB
- 2.8. Data Collection to HDFS
- 2.9. Data Collection to Riak
- 2.10. Windows Data Collection
- 2.11. Raspberry Pi Data Collection
- 2.12. GlusterFS Data Collection
- 2.13. Fluentd and Norikra
-
3.
Configuration
- 3.1. Configuration file
- 3.2. Common Log Formats
- 3.3. Apache Logs to Elasticsearch
- 3.4. Apache Logs to MongoDB
- 3.5. Apache Logs to S3
- 3.6. Apache Logs to Treasure Data
- 3.7. Cloudstack to MongoDB
- 3.8. CSV to Elasticsearch
- 3.9. CSV to MongoDB
- 3.10. CSV to S3
- 3.11. CSV to Treasure Data
- 3.12. HTTP to Elasticsearch
- 3.13. HTTP to MongoDB
- 3.14. HTTP to S3
- 3.15. HTTP to Treasure Data
- 3.16. Nginx to Elasticsearch
- 3.17. Nginx to MongoDB
- 3.18. Nginx to S3
- 3.19. Nginx to Treasure Data
- 3.20. Syslog to Elasticsearch
- 3.21. Syslog to MongoDB
- 3.22. Syslog to S3
- 3.23. Syslog to Treasure Data
- 3.24. TSV to S3
- 3.25. TSV to Elasticsearch
- 3.26. TSV to MongoDB
- 3.27. TSV to Treasure Data
- 3.28. JSON to Elasticsearch
- 3.29. JSON to MongoDB
- 3.30. JSON to S3
- 3.31. JSON to TreasureData
- 4. Deployment
- 5. Input Plugins
- 6. Output Plugins
- 7. Buffer Plugins
- 8. Filter Plugins
- 9. Parser Plugins
- 10. Formatter Plugins
- 11. Developer
Store Apache Logs into Riak
This article explains how to use Fluentd’s Riak Output plugin (out_riak) to aggregate semi-structured logs in real-time.
Prerequisites
- An OSX or Linux machine
- Fluentd is installed (installation guide)
- Riak is installed
- An Apache web server log
Installing the Fluentd Riak Output Plugin
The Riak output plugin is used to output data from a Fluentd node to a Riak node.
Rubygems Users
Rubygems users can run the command below to install the plugin:
$ gem install fluent-plugin-riak
td-agent Users
If you are using td-agent, run following command to install the Riak output plugin.
- td-agent v2:
/usr/sbin/td-agent-gem install fluent-plugin-riak - td-agent v1: `/usr/lib/fluent/ruby/bin/fluent-gem install fluent-plugin-riak
Configuring Fluentd
Create a configuration file called fluent.conf and add the following lines:
<source>
type tail
format apache2
path /var/log/apache2/access_log
pos_file /var/log/fluentd/apache2.access_log.pos
tag riak.apache
</source>
<match riak.**>
type riak
buffer_type memory
flush_interval 5s
retry_limit 5
retry_wait 1s
nodes localhost:8087 # Assumes Riak is running locally on port 8087
</match>
The <source>...</source> section tells Fluentd to tail an Apache2-formatted log file located at /var/log/apache2/access_log. Each line is parsed as an Apache access log event and tagged with the riak.apache label.
The <match riak.**>...</match> section tells Fluentd to look for events whose tags start with riak. and send all matches to a Riak node located at localhost:8087. You can send events to multiple nodes by writing nodes host1 host2 host3 instead.
Testing
Launch Fluentd with the following command:
$ fluentd -c fluentd.conf
NOTE: Please confirm that you have the file access permissions to (1) read the Apache log file and (2) write to /var/log/fluentd/apache2.access_log.pos (sudo-ing might help).
You should now see data coming into your Riak cluster. We can make sure that everything is running smoothly by hitting Riak's HTTP API:
$ curl http://localhost:8098/buckets/fluentlog/keys?keys=true
{"keys":["2014-01-23-d30b0698-b9de-4290-b8be-a66555497078", ...]}
$ curl http://localhost:8098/buckets/fluentlog/keys/2014-01-23-d30b0698-b9de-4290-b8be-a66555497078
[
{
"tag": "riak.apache",
"time": "2004-03-08T01:23:54Z",
"host": "64.242.88.10",
"user": null,
"method": "GET",
"path": "/twiki/bin/statistics/Main",
"code": 200,
"size": 808,
"referer": null,
"agent": null
}
]
There it is! (the response JSON is formatted for readability)