{"id":363,"date":"2018-08-22T12:36:35","date_gmt":"2018-08-22T03:36:35","guid":{"rendered":"http:\/\/dong1lkim.oboki.net\/?p=363"},"modified":"2019-09-01T22:21:05","modified_gmt":"2019-09-01T13:21:05","slug":"fluentd-usecase-exec","status":"publish","type":"post","link":"https:\/\/oboki.net\/workspace\/data-engineering\/fluentd\/fluentd-usecase-exec\/","title":{"rendered":"[Fluentd] Usecase – exec"},"content":{"rendered":"

Fluentd Use Case<\/h1>\n

exec \ud50c\ub7ec\uadf8\uc778 \ud65c\uc6a9\ud558\uae30<\/h2>\n

\n in_exec \ud50c\ub7ec\uadf8\uc778\uc744 \ud65c\uc6a9\ud558\uba74 \uc0ac\uc6a9\uc790\uac00 \uc218\uc9d1\ud558\uace0\uc790 \ud558\ub294 \uc815\ud655\ud55c \uc815\ubcf4\ub97c \ub9cc\ub4e4\uc5b4\ub0b4\uc11c \uc218\uc9d1\ud560 \uc218 \uc788\ub2e4.\n<\/p><\/blockquote>\n

linux_free<\/h3>\n

linux \ubaa8\ub2c8\ud130\ub9c1 \uba85\ub839\uc5b4\uc778 free \uc758 \uacb0\uacfc\ub97c \uc8fc\uae30\uc801\uc73c\ub85c \uc218\uc9d1\ud574\ubcf8\ub2e4.<\/p>\n

\ub370\uc774\ud130 \uc18c\uc2a4 \uc2a4\ud06c\ub9bd\ud2b8<\/h4>\n

vi \/app\/fluentd\/scripts\/free.sh<\/code><\/p>\n

#!\/bin\/bash\n\nDATE=date "+%Y-%m-%d %H:%M:%S"<\/code>\nDATA=free -k | grep "Mem:" | awk '{print $2,$3,$4,$5,$6,$7}'<\/code>\n\necho $DATA $DATE\n<\/code><\/pre>\n
fluentd config<\/h4>\n
# linux_free\n## Input\n\n    @type exec\n    command \/app\/fluentd\/scripts\/free.sh\n\n        @type regexp\n        expression \/^(?\\d+)\\s+(?\\d+)\\s+(?\\d+)\\s+(?\\d+)\\s+(?\\d+)\\s+(?\\d+)\\s+(?.*)$\/\n\n    tag \"exec.free.#{Socket.gethostname}\"\n    run_interval 3s\n    time_key time\n    time_format %Y-%m-%d %H:%M:%S\n\n## Filter\n\n    @type record_transformer\n\n        hostname \"#{Socket.gethostname}\"\n\n## Output\n\n    @type copy\n    #\n    #   @type stdout\n    #   include_tag_key true\n    #   include_time_key true\n    #\n\n        @type elasticsearch\n        hosts 192.168.179.81:9200,192.168.179.82:9200,\n        logstash_format true\n        logstash_prefix linux_free\n        logstash_dateformat %Y%m%d\n        include_tag_key true\n        tag_key @log_name\n        flush_interval 3s\n\n<\/code><\/pre>\n
linux_vmstat<\/h3>\n
linux \ubaa8\ub2c8\ud130\ub9c1 \uba85\ub839\uc5b4\uc778 vmstat\uc758 \uacb0\uacfc\ub97c \uc8fc\uae30\uc801\uc73c\ub85c \uc218\uc9d1\ud574\ubcf8\ub2e4.<\/p>\n
\ub370\uc774\ud130 \uc18c\uc2a4 \uc2a4\ud06c\ub9bd\ud2b8<\/h4>\n
vi \/app\/fluentd\/scripts\/vmstat.sh<\/code><\/p>\n
#!\/bin\/bash\n\nvmstat -t | grep -v \"^procs\" | grep -v -P \"^\\s+r\"\n<\/code><\/pre>\n
fluentd config<\/h4>\n
# linux_vmstat\n## Input\n<source>\n    @type exec\n    command \/app\/fluentd\/scripts\/vmstat.sh\n    <parse>\n        @type regexp\n        expression \/^(?<procs_r>\\d+)\\s+(?<procs_b>\\d+)\\s+(?<memory_swpd>\\d+)\\s+(?<memory_free>\\d+)\\s+(?<memory_buff>\\d+)\\s+(?<memory_cache>\\d+)\\s+(?<swap_si>\\d+)\\s+(?<swap_so>\\d+)\\s+(?<io_bi>\\d+)\\s+(?<io_bo>\\d+)\\s+(?<system_in>\\d+)\\s+(?<system_cs>\\d+)\\s+(?<cpu_us>\\d+)\\s+(?<cpu_sy>\\d+)\\s+(?<cpu_id>\\d+)\\s+(?<cpu_wa>\\d+)\\s+(?<cpu_st>\\d+)\\s+(?<time>.*)$\/\n    <\/parse>\n    tag \"exec.vmstat.#{Socket.gethostname}\"\n    run_interval 3s\n    time_key time\n    time_format %Y-%m-%d %H:%M:%S\n<\/source>\n\n## Filter\n<filter exec.vmstat.**>\n    @type record_transformer\n    <record>\n        hostname \"#{Socket.gethostname}\"\n    <\/record>\n<\/filter>\n\n## Output\n<match exec.vmstat.**>\n    @type copy\n    #<store>\n    #   @type stdout\n    #   include_tag_key true\n    #   include_time_key true\n    #<\/store>\n    <store>\n        @type elasticsearch\n        hosts 192.168.179.81:9200,192.168.179.82:9200,\n        logstash_format true\n        logstash_prefix linux_vmstat\n        logstash_dateformat %Y%m%d\n        include_tag_key true\n        tag_key @log_name\n        flush_interval 3s\n    <\/store>\n<\/match>\n<\/code><\/pre>\n
linux_who<\/h3>\n
linux \ubaa8\ub2c8\ud130\ub9c1 \uba85\ub839\uc5b4\uc778 who\uc758 \uacb0\uacfc\ub97c \uc8fc\uae30\uc801\uc73c\ub85c \uc218\uc9d1\ud574\ubcf8\ub2e4.<\/p>\n
\ub370\uc774\ud130 \uc18c\uc2a4 \uc2a4\ud06c\ub9bd\ud2b8<\/h4>\n
vi \/app\/fluentd\/scripts\/who.sh<\/code><\/p>\n
#!\/bin\/bash\n\nwho | awk '{print $0, strftime(\"%Y-%m-%d %H:%M:%S\")}'\n<\/code><\/pre>\n
fluentd config<\/h4>\n
# linux_who\n## Input\n<source>\n    @type exec\n    command \/app\/fluentd\/scripts\/who.sh\n    <parse>\n        @type regexp\n        expression \/^(?<NAME>\\S+)\\s+(?<LINE>\\S+)\\s+(?<TIME>\\S{3}\\s\\d+\\s\\d{2}:\\d{2}+)\\s+(?<COMMENT>\\S+)\\s+(?<time>.*)$\/\n    <\/parse>\n    tag \"exec.who.#{Socket.gethostname}\"\n    run_interval 3s\n    time_key time\n    time_format %Y-%m-%d %H:%M:%S\n<\/source>\n\n## Filter\n<filter exec.who.**>\n    @type record_transformer\n    <record>\n        hostname \"#{Socket.gethostname}\"\n    <\/record>\n<\/filter>\n\n## Output\n<match exec.who.**>\n    @type copy\n    #<store>\n    #   @type stdout\n    #   include_tag_key true\n    #   include_time_key true\n    #<\/store>\n    <store>\n        @type elasticsearch\n        hosts 192.168.179.81:9200,192.168.179.82:9200,\n        logstash_format true\n        logstash_prefix linux_who\n        logstash_dateformat %Y%m%d\n        include_tag_key true\n        tag_key @log_name\n        flush_interval 3s\n    <\/store>\n<\/match>\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Fluentd Use Case exec \ud50c\ub7ec\uadf8\uc778 \ud65c\uc6a9\ud558\uae30 in_exec \ud50c\ub7ec\uadf8\uc778\uc744 \ud65c\uc6a9\ud558\uba74 \uc0ac\uc6a9\uc790\uac00 \uc218\uc9d1\ud558\uace0\uc790 \ud558\ub294 \uc815\ud655\ud55c \uc815\ubcf4\ub97c \ub9cc\ub4e4\uc5b4\ub0b4\uc11c \uc218\uc9d1\ud560 \uc218 \uc788\ub2e4. linux_free linux \ubaa8\ub2c8\ud130\ub9c1 \uba85\ub839\uc5b4\uc778 free \uc758 \uacb0\uacfc\ub97c \uc8fc\uae30\uc801\uc73c\ub85c \uc218\uc9d1\ud574\ubcf8\ub2e4. \ub370\uc774\ud130 \uc18c\uc2a4 \uc2a4\ud06c\ub9bd\ud2b8 vi \/app\/fluentd\/scripts\/free.sh #!\/bin\/bash DATE=date "+%Y-%m-%d %H:%M:%S" DATA=free -k | grep "Mem:" | awk '{print $2,$3,$4,$5,$6,$7}' echo $DATA $DATE fluentd config # linux_free ## Input @type […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[142],"class_list":["post-363","post","type-post","status-publish","format-standard","hentry","category-fluentd","tag-fluented"],"_links":{"self":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/comments?post=363"}],"version-history":[{"count":6,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/363\/revisions"}],"predecessor-version":[{"id":1245,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/363\/revisions\/1245"}],"wp:attachment":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/media?parent=363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/categories?post=363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/tags?post=363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}