
FluentD forward logs from kafka to another fluentD


I need to send my application logs into a FluentD which is part of an EFK service, so I tried to configure another FluentD to do that.

my-fluent.conf:

<source>
  @type kafka_group
  consumer_group cgrp
  brokers "#{ENV['KAFKA_BROKERS']}"
  scram_mechanism sha512
  username "#{ENV['KAFKA_USERNAME']}"
  password "#{ENV['KAFKA_PASSWORD']}"
  ssl_ca_certs_from_system true
  topics "#{ENV['KAFKA_TOPICS']}"
  format json
</source>
<filter TOPIC>
  @type parser
  key_name log 
  reserve_data false
  <parse>
    @type json
  </parse>
</filter>
<match TOPIC>
  @type copy
  <store>
    @type stdout
  </store>
  <store>
    @type forward
    <server>
      host "#{ENV['FLUENTD_HOST']}"
      port "#{ENV['FLUENTD_PORT']}"
      shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
    </server>
  </store>
</match>

I am able to see the output of stdout correctly:

2021-07-06 07:36:54.376459650 +0000 TOPIC: {"foo":"bar", ...}

But I'm unable to see the logs in Kibana. After tracing, I figured out that the second FluentD is throwing an error when receiving data:

{"time":"2021-07-05 11:21:41 +0000","level":"error","message":"unexpected error on reading data host="X.X.X.X" port=58548 error_class=MessagePack::MalformedFormatError error="invalid byte"","worker_id":0}
{"time":"2021-07-05 11:21:41 +0000","level":"error","worker_id":0,"message":"/usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.2/lib/fluent/plugin/in_forward.rb:262:in feed_each'\n/usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.2/lib/fluent/plugin/in_forward.rb:262:in block (2 levels) in read_messages'\n/usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.2/lib/fluent/plugin/in_forward.rb:271:in block in read_messages'\n/usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.2/lib/fluent/plugin_helper/server.rb:613:in on_read_without_connection'\n/usr/lib/ruby/gems/2.7.0/gems/cool.io-1.7.1/lib/cool.io/io.rb:123:in on_readable'\n/usr/lib/ruby/gems/2.7.0/gems/cool.io-1.7.1/lib/cool.io/io.rb:186:in on_readable'\n/usr/lib/ruby/gems/2.7.0/gems/cool.io-1.7.1/lib/cool.io/loop.rb:88:in run_once'\n/usr/lib/ruby/gems/2.7.0/gems/cool.io-1.7.1/lib/cool.io/loop.rb:88:in run'\n/usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.2/lib/fluent/plugin_helper/event_loop.rb:93:in block in start'\n/usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.2/lib/fluent/plugin_helper/thread.rb:78:in block in thread_create'"}


Solution

  • The problem was a missing security tag in the first fluentd.

    <match TOPIC>
      @type copy
      <store>
        @type stdout
      </store>
      <store>
        @type forward
        <server>
          host "#{ENV['FLUENTD_HOST']}"
          port "#{ENV['FLUENTD_PORT']}"
          shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
        </server>
        <security>
          self_hostname HOSTNAME
          shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
        </security>
      </store>
    </match>
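
A check for the misconfiguration identified in the answer above, as an added example that is not part of the original question or answer: a minimal Python linter that flags `forward` outputs which set `shared_key` under `<server>` but have no `<security>` section, or whose `<security>` section lacks `self_hostname` or `shared_key`. The parser, the function names and the trimmed sample config are assumptions made for this illustration.

```python
import re
OPEN = re.compile(r"^<(\w+)\s*([^>]*)>$")  # "<match TOPIC>", "<server>", ...

def parse(text):
    """Parse Fluentd config text into nested sections (minimal: no @include, no inline comments)."""
    stack = [{"name": "ROOT", "arg": "", "params": {}, "children": []}]
    for line in map(str.strip, text.splitlines()):
        if line.startswith("</"):
            stack.pop()
        elif m := OPEN.match(line):
            node = {"name": m[1], "arg": m[2].strip(), "params": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif line and not line.startswith("#"):  # "key value" parameter line
            key, _, value = line.partition(" ")
            stack[-1]["params"][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unbalanced sections")
    return stack[0]

def audit_forward(text):
    """Return (location, problem) pairs for forward outputs matching the issue described above."""
    findings = []
    def walk(node, path):
        path = path + [f"{node['name']} {node['arg']}".strip()]
        if node["name"] in ("match", "store") and node["params"].get("@type") == "forward":
            sec = [c for c in node["children"] if c["name"] == "security"]
            keyed = any("shared_key" in c["params"] for c in node["children"] if c["name"] == "server")
            if keyed and not sec:
                findings.append((" > ".join(path[1:]), "shared_key under <server> but no <security>"))
            missing = [k for s in sec for k in ("self_hostname", "shared_key") if k not in s["params"]]
            if missing:
                findings.append((" > ".join(path[1:]), "<security> lacks " + ", ".join(missing)))
        for child in node["children"]:
            walk(child, path)
    walk(parse(text), [])
    return findings

# Constructed sample: the question's <match> block, trimmed to the relevant parameters.
BROKEN = """<match TOPIC>
  @type copy
  <store>
    @type forward
    <server>
      shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
    </server>
  </store>
</match>"""
FIXED = BROKEN.replace("</server>", "</server>\n<security>\nself_hostname HOSTNAME\nshared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n</security>")
```

`audit_forward(BROKEN)` reports the `match TOPIC > store` output, while `audit_forward(FIXED)` returns an empty list.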