所以,我正在尝试使用logstash-forwarder设置Logstash,但我遇到了一些问题。看起来lumberjack实际上并不启动并侦听端口5000(使用netstat -anltp
检查)并且错误消息(似乎与我的配置无关)被转储到logstash日志中。
我的配置文件
input {
lumberjack {
port => 5000
ssl_certificate => "/etc/ssl/star_server_com.crt"
ssl_key => "/etc/ssl/server.key"
type => "somelogs"
}
}
output {
elasticsearch_http {
host => "haproxy.server.com"
password => "a0fe9d5dedwedfacd240a25b0"
user => "90765547wfefwefwee429f"
}
}
从--configtest
输出Using milestone 1 input plugin 'lumberjack'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn}
Using milestone 2 output plugin 'elasticsearch_http'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn}
/var/log/logstash/logstash.log中的错误消息
{
: timestamp=>"2014-12-05T07:47:35.065000+0000",
: message=>"Error parsing JSON",
: json=>"{\"logstash\":{\"order\":0,\"template\":\"logstash-*\",\"settings\":{\"index.refresh_interval\":\"5s\"},\"mappings\":{\"_default_\":{\"dynamic_templates\":[{\"string_fields\":{\"mapping\":{\"index\":\"analyzed\",\"omit_norms\":true,\"type\":\"string\",\"fields\":{\"raw\":{\"index\":\"not_analyzed\",\"ignore_above\":256,\"type\":\"string\"}}},\"match_mapping_type\":\"string\",\"match\":\"*\"}}],\"properties\":{\"geoip\":{\"dynamic\":true,\"path\":\"full\",\"properties\":{\"location\":{\"type\":\"geo_point\"}},\"type\":\"object\"},\"@version\":{\"index\":\"not_analyzed\",\"type\":\"string\"}},\"_all\":{\"enabled\":true}}},\"aliases\":{}}}H",
: results=>"",
: error=>"unexpected token at 'H'",
: level=>: error
}