"D:/Proj-6ren">
gpt4 book ai didi

elasticsearch - 日志没有从logstash推送到elasticsearch

转载 作者:行者123 更新时间:2023-12-03 00:47:02 25 4
gpt4 key购买 nike

logstash-config.conf

input {
file {
path => ["D:/project/log/samplex.log"]
sincedb_path => "D:/Project/logstash-7.5.0/data/plugins/inputs/file/null"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["192.168.1.8:9200"]
index => "db"
#user => "elastic"
#password => "changeme"
} }

控制台日志

D:\Project\logstash-7.5.0\bin>logstash -f logstash-sample.conf
Thread.exclusive is deprecated, use Thread::Mutex Sending Logstash logs to D:/Project/logstash-7.5.0/logs which is now configured via log4j2.properties [2019-12-16T23:26:28,465][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-12-16T23:26:28,580][INFO ][logstash.runner ] Starting Logstash
{"logstash.version"=>"7.5.0"} [2019-12-16T23:26:30,143][INFO ][org.reflections.Reflections] Reflections took 32 ms to scan 1 urls, producing 20 keys and 40 values [2019-12-16T23:26:31,024][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.1.8:9200/]}} [2019-12-16T23:26:31,201][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://192.168.1.8:9200/"} [2019-12-16T23:26:31,256][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7} [2019-12-16T23:26:31,264][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>7} [2019-12-16T23:26:31,333][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.1.8:9200"]} [2019-12-16T23:26:31,404][INFO ][logstash.outputs.elasticsearch][main] Using default mapping template [2019-12-16T23:26:31,439][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team. [2019-12-16T23:26:31,449][INFO ][logstash.javapipeline
][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["D:/Project/logstash-7.5.0/bin/logstash-sample.conf"], :thread=>"#"} [2019-12-16T23:26:31,506][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}} [2019-12-16T23:26:32,041][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"} [2019-12-16T23:26:32,114][INFO ][filewatch.observingtail ][main] START, creating Discoverer, Watch with file and sincedb collections [2019-12-16T23:26:32,118][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]} [2019-12-16T23:26:32,502][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}



logstash不会读取提到的日志文件,并且它处于空闲状态。

samplex.log

[2019-12-16T22:30:59,310][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.1.8:9200/]}} [2019-12-16T22:30:59,472][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://192.168.1.8:9200/"} [2019-12-16T22:30:59,558][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7} [2019-12-16T22:30:59,565][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>7} [2019-12-16T22:30:59,653][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.1.8:9200"]} [2019-12-16T22:30:59,724][INFO ][logstash.outputs.elasticsearch][main] Using default mapping template dsdasd

最佳答案

在Windows中,我认为您保存的文件名为sample.log,但在内部它会被视为文本文件。因此,它将类似于“sample.log.txt”

所以请尝试

input {
file {
#type => "log"
path => "D:/Downloads/logstash-6.7.0/bin/samplex.log.txt"
sincedb_path => "D:/Downloads/logstash-6.7.0/data/plugins/inputs/file/null"
start_position => "beginning"
#ignore_older => 0
}
}



output {
stdout { codec => "rubydebug"}
elasticsearch {
hosts => "http://xx-xx-xx-xx:9200"
index => "db"
}
}

如果仍然发现问题,请尝试删除sincedb_path中的空文件,然后重试。

如果问题已解决,请告诉我。
希望这对您有帮助。

关于elasticsearch - 日志没有从logstash推送到elasticsearch,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59362022/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com