EFK（elasticsearch + fluentd + kibana）日志系统-续2

人生必须的知识就是引人向光明方面的明灯。这篇文章主要讲述EFK（elasticsearch + fluentd + kibana）日志系统-续2相关的知识，希望能为你提供帮助。
1、Fluentd stopped sending data to ES：
??https://github.com/uken/fluent-plugin-elasticsearch#declined-logs-are-resubmitted-forever-why??

output.conf: |
# Enriches records with Kubernetes metadata
< filter kubernetes.**>
@type kubernetes_metadata
< /filter>
< match **>
@id elasticsearch
@type elasticsearch
@log_level info
include_tag_key true
type_name _doc
host "#ENV[OUTPUT_HOST]"
port "#ENV[OUTPUT_PORT]"
scheme "#ENV[OUTPUT_SCHEME]"
ssl_version "#ENV[OUTPUT_SSL_VERSION]"
logstash_format true
logstash_prefix "#ENV[LOGSTASH_PREFIX]"
reload_connections false
reconnect_on_error true
reload_on_failure true
slow_flush_log_threshold 25.0
< buffer>
@type file
path /var/log/fluentd-buffers/kubernetes.system.buffer
flush_mode interval
flush_interval 5s
flush_thread_count 4
chunk_full_threshold 0.9
# retry_forever
retry_type exponential_backoff
retry_timeout 1m
retry_max_interval 30
chunk_limit_size "#ENV[OUTPUT_BUFFER_CHUNK_LIMIT]"
queue_limit_length "#ENV[OUTPUT_BUFFER_QUEUE_LIMIT]"
overflow_action drop_oldest_chunk
< /buffer>
< /match>

fluentd daemonset failed to flush the buffer，fluent-plugin-elasticsearch reloads connection after 10000 requests. (Not correspond to events counts because ES plugin uses bulk API.)This functionality which is originated from elasticsearch-ruby gem is enabled by default.Sometimes this reloading functionality bothers（影响、干扰） users to send events with ES plugin.按以下修改match,buffer后OK。