The index was being created in Elasticsearch from Logstash, but after I restarted Logstash, nothing happens. This is my logstash.conf:
input {
  # Receive events from Beats shippers
  beats {
    port => 5044
  }
}
filter {
  if "fsrmc" in [tags] {
    grok {
      # Lazy quantifier is written .*? (the original had .?*)
      match => [ "message" , "\[%{TIMESTAMP_ISO8601:Time_Stamp},(?<TIMEZONE>GMT\+08)\] \[.*?\] \{\"path\":\"(?<http_method>.*?) (?<api_url>.*?)\",\"(?<data>.*?)\}" ]
    }
    #json {
    #  source => "message"
    #  target => "jsoncontent"
    #}
    mutate {
      # add_field => {"[@metadata][tags]" => "fsrmc-logs"}
      # Nested fields are referenced as [outer][inner]; "agen.id" corrected to [agent][id]
      remove_field => ["_id", "_score", "_type", "[agent][ephemeral_id]", "[agent][id]"]
    }
  }
}
output {
  # Print each event to the console for debugging
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}
My logstash-plain.log
The export filter was set up successfully. Are there any helpful hints?