我编写了一个Logstash配置文件,以便它读取日志消息文件,然后将数据传输到elasticsearch。
配置文件的位置:pipe.conf
/etc/logstash/conf.d
pipe.conf具有以下内容:
input
{
file
{
path => "/var/log/elasticsearch/file.log"
sincedb_path => "/dev/null"
start_position => "beginning"
type => "doc"
}
}
output
{
elasticsearch
{
hosts => ["localhost:9200"]
action => "create"
index => ["logs"]
}
}
Logstash运行时,发生错误,
"[Ruby-0-Thread-10@[main]>worker3: :1] elasticsearch - Encountered a retryable error. Will Retry with exponential backoff {:code=>400, :url=>"http://localhost:9200/_bulk"}"
答案 0 :(得分:0)
默认动作是创建。因此需要添加操作。
elasticsearch {
hosts => ["http://localhost:9200"]
index => "logs"
}