Flume读取Hive日志，把日志按照不同文件夹、日志级别日期进行区分，并输出到HDFS中

解决方案：
1.使用taildir source读取hive日志。
2.自定义intercepter，由于一段hive日志只有第一行有时间戳和日志级别信息，将日期和日志级别信息存储到第一行所在的Event的header里，再通过拦截器将后几行的内容归并到第一行所在的event的body里。
3.通过hdfs sink从header中取出时间戳和日志类型信息，将日志输出到对应的hdfs目录。
flume配置文件

// An highlighted block
# Name the components on this agent
a1.sinks = k1
a1.channels = c1

# Describe/configure the source
a1.sources.r1.type = TAILDIR
a1.sources.r1.filegroups = f1
#hive日志文件位置
a1.sources.r1.filegroups.f1 = /tmp/root/hive.log
#Taildir position文件位置
a1.sources.r1.positionFile = /tmp/flume/position/hivelog_position.json

# Describe the sink
a1.sinks.k1.type = hdfs
#日志文件输出到的位置
a1.sinks.k1.hdfs.path = hdfs://master:9000/flume_output_pn/hiveLogs/%{date}/%{level}
#a1.sinks.k1.type = logger
#设置文件类型，可支持压缩
a1.sinks.k1.hdfs.fileType = DataStream
a1.sinks.k1.hdfs.round = true
a1.sinks.k1.hdfs.roundValue = 10
a1.sinks.k1.hdfs.roundUnit = minute

a1.sources.r1.interceptors = i1
#intercepter全类名
a1.sources.r1.interceptors.i1.type = interceptor.HiveLogsInterceptor$Builder

# Use a channel which buffers events in memory
a1.channels.c1.type = memory
a1.channels.c1.capacity = 1000
a1.channels.c1.transactionCapacity = 100

# Bind the source and sink to the channel
a1.sources.r1.channels = c1
a1.sinks.k1.channel = c1

intercepter代码

@Override
    public Event intercept(Event event) {
        Map<String,String> header = event.getHeaders();
        String body = new String(event.getBody());
        String levelValue = null;  //日志级别
        if(body.contains("INFO"))
            levelValue = "INFO";
        else if(body.contains("WARNING"))
            levelValue = "WARNING";
        else if(body.contains("ERROR"))
            levelValue = "ERROR";
        else
            levelValue = "DEBUG";

        header.put("level",levelValue);
        header.put("date",body.substring(0, 10));
        System.out.println("level:"+header.get("level"));
        System.out.println("date:"+header.get("date"));
        return event;
    }
    ```
    ```java
    @Override
    public List<Event> intercept(List<Event> list) {
        events.clear();
        int lastIndex = -1;
        for(Event e:list){
            if(haveHeadMessage(new String(e.getBody()))){
                events.add(intercept(e));
                lastIndex = events.size()-1;//更新正确匹配的event在events中的位置
            }else{
                String body  = new String(events.get(lastIndex).getBody())+
                "\n"+ new String(e.getBody());
                System.out.println("body:"+body);
                events.get(lastIndex).setBody(body.getBytes());
            }

        }
        return events;
    }
    ```
    
    运行后文件目录结构：
    ![](https://img-blog.csdnimg.cn/20200318201140323.PNG?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80NTg1NzE1NA==,size_16,color_FFFFFF,t_70)