当尝试将文件加载到弹性文件时,使用运行下面的配置文件的logstash,我在弹性上获得以下输出msgs并且没有加载文件(当输入被配置为stdin时,一切似乎都正常工作)
[2014-08-20 10:51:10,957][INFO ][cluster.service ] [Max] added {[logsta
sh-GURWB02038-5480-4002][dstQagpWTfGkSU5Ya-sUcQ][GURWB02038][inet[/10.203.152.13
9:9301]]{client=true, data=false},}, reason: zen-disco-receive(join from node[[l
ogstash-GURWB02038-5480-4002][dstQagpWTfGkSU5Ya-sUcQ][GURWB02038][inet[/10.203.1
52.139:9301]]{client=true, data=false}])
我使用的Logstash配置文件如下: -
input {
file {
path => "D:/example.log"
}
}
output {
elasticsearch {
host => "localhost"
}
}
答案 0 :(得分:0)
您可能缺少start_position。
尝试这样的事情。
input {
file {
path => "D:/example.log"
start_position => "beginning"
}
}
根据文件,还要考虑“第一次接触”限制。
start_position
Value can be any of: "beginning", "end"
Default value is "end"
Choose where Logstash starts initially reading files: at the beginning or at the end.
The default behavior treats files like live streams and thus starts at the end.
If you have old data you want to import, set this to ‘beginning’
This option only modifies “first contact” situations where a file is new and not seen
before. If a file has already been seen before, this option has no effect.
希望这有帮助。
答案 1 :(得分:0)
从所有示例中可以看出,syntext是:
output {
elasticsearch {
host => localhost
}
}