logstash未成功将数据发送到外部弹性搜索

时间:2014-06-12 17:00:28

标签: elasticsearch host logstash

以下是来自logstash.err的错误:

  

Faraday :: ConnectionFailed:已到达文件结尾                 请致电/opt/logstash/vendor/bundle/jruby/1.9/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:44       build_response at /opt/logstash/vendor/bundle/jruby/1.9/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139          run_request at /opt/logstash/vendor/bundle/jruby/1.9/gems/faraday-0.9.0/lib/faraday/connection.rb:377      perform_request at /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/transport/http/faraday.rb:24                 在org / jruby / RubyProc.java调用:271      perform_request at /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/transport/base.rb:187      perform_request at /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/transport/http/faraday.rb:20      perform_request at /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/client.rb:102      perform_request at /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-api-1.0.1/lib/elasticsearch/api/namespace/common.rb:21         get_template at /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-api-1.0.1/lib/elasticsearch/api/actions/indices/get_template.rb:24     template_exists? at /opt/logstash/lib/logstash/outputs/elasticsearch/protocol.rb:132     template_install at /opt/logstash/lib/logstash/outputs/elasticsearch/protocol.rb:21             在/opt/logstash/lib/logstash/outputs/elasticsearch.rb:259注册                 每个在org / jruby / RubyArray.java:1613         输出工作者在/opt/logstash/lib/logstash/pipeline.rb:220        start_outputs at /opt/logstash/lib/logstash/pipeline.rb:152

这是我的输出配置:

output {
        elasticsearch { 
            host => "X.X.X.X"
            port => "9300"
            protocol => "http"
            cluster => "elasticsearch_david"
        }   
    }

没有连接问题,任何想法?

使用tcpdump进一步调查:

GET /_template/logstash HTTP/1.1
User-Agent: Faraday v0.9.0
Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept: */*
Connection: close

2 个答案:

答案 0 :(得分:5)

问题在于端口和协议不匹配:

output {
        elasticsearch { 
            host => "X.X.X.X"
            port => "9300"
            protocol => "http"
            cluster => "elasticsearch_david"
        }   
    }

您的协议设置为" http"这将需要端口9200(ES用于http请求的默认端口),但端口设置为9300,这是用于群集间通信的端口,通常与"节点"协议

不幸的是,文档与协议的默认值相矛盾:

  

协定 

Value can be any of: "node", "transport", "http"
There is no default value for this setting.
     

选择用于与Elasticsearch对话的协议。

     

'node'协议将正常连接到群集   Elasticsearch节点(但不会存储数据)。这允许你使用   多播发现之类的东西。如果您使用节点协议,那么   必须允许端口9300(或其中任何一个)进行双向通信   已配置的端口)。

     

'transport'协议将连接到您指定的主机并且将会   不会在Elasticsearch集群中显示为“节点”。这很有用   在你不能允许从中出站的连接的情况下   Elasticsearch集群到此Logstash服务器。

     

'http'协议将使用Elasticsearch REST / HTTP接口   和elasticsearch谈谈。

     

与Elasticsearch交谈时,所有协议都将使用批量请求。

     

java / jruby下的默认协议设置是“node”。默认   非java rubies上的协议是“http”

最好的办法是将协议设置设置为" node"," http"或"运输"取决于你想做什么,让logstash为你设置合适的端口:

output {
    elasticsearch { 
    host => "X.X.X.X"
    protocol => "http"
    cluster => "elasticsearch_david"
}

请参阅http://logstash.net/docs/1.4.1/outputs/elasticsearch#protocol

答案 1 :(得分:0)

这是由于配置错误:通过删除协议和端口来解决

output {
    elasticsearch { 
    host => "X.X.X.X"
    cluster => "elasticsearch_david"
}
相关问题
最新问题