logstash_format true # 문제가 생겼을 때 재 연결하게 함 reconnect_on_error true reload_connections true request_timeout 20s flush_mode interval flush_interval 5s retry_max_times 10 retry_wait 3s chunk_limit_size 8MB queue_limit_length 128 # buffer가 꽉 찼을 때 멈추게 함 overflow_action block

오류[warn]: #0 failed to flush the buffer. retry_times=0 next_retry_time=2025-02-06 14:46:28 +0900 chunk="62d72c2b628c703009>조치 @type elasticsearch host elasticsearch-host port 9200 logstash_format true flush_mode interval flush_interval 5s retry_max_times 10 retry_wait 3s chunk_limit_size 8MB queue_limit_length 128

@type tail path /var/log/nginx/error.log pos_file /var/log/fluentd/nginx-error.log.pos tag nginx.error read_from_head true @type regexp expression /^(?\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2}) \[(?[^\]]+)\] (?\d+#\d+): (?.*)$/ time_key time time_format %Y/%m/%d %H:%M:%S # Step 2: If Level is "error", extract structured fields @type record_transformer enable_ruby true reque..

이 에러 때문에 개고생함[warn]: #0 dump an error event: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error="400 - Rejected by Elasticsearch" location=nil tag="{tag}" time=2025-02-03 19:10:47.176780908 +0900 record={"request_id"=>"26567", .., "server_name"=>"test"}원인: Elasticsearch의 Index Templates에 에러와 관련된 Index 이름으로 Index Tempales이 등록되어 있었는데, 그것과 데이터 형식이 맞지 않아서 발생한 문제임결국 Elsti..

시스템 서비스 파일 생성sudo vi /etc/systemd/system/fluentd.servicefluentd.service[Unit]Description=Fluentd ServiceAfter=network.target[Service]# Run Fluentd as a non-root user if possible (create one if needed)User={user}Group={group}# Full path to the Fluentd executable and configuration fileExecStart=/usr/local/bin/fluentd -c {fleuntd.conf 파일}# Optional: restart if Fluentd crashesRestart=alwaysRestartSe..

plugin 설치fluent-gem install fluent-plugin-elasticsearchfluentd.conf 설정 @type tail # Tag all events from the Nginx access log with 'nginx.access' tag nginx.access # Path to your Nginx access log path /var/log/nginx/access.log # File to record the current reading position so Fluentd knows where to resume pos_file /var/log/td-agent/nginx-access.log.pos @type regexp # This regular exp..