我已将logstash + elasticsearch + kibana安装到一个主机中,并从标题中收到错误。我已经搜索了所有相关主题,仍然没有运气而且卡住了。 我将分享我所做的配置:
elasticsearch.yml
cluster.name: hive
node.name: "logstash-central"
network.bind_host: 10.1.1.25
/var/log/elasticsearch/hive.log
的输出[2015-01-13 15:18:06,562][INFO ][node ] [logstash-central] initializing ...
[2015-01-13 15:18:06,566][INFO ][plugins ] [logstash-central] loaded [], sites []
[2015-01-13 15:18:09,275][INFO ][node ] [logstash-central] initialized
[2015-01-13 15:18:09,275][INFO ][node ] [logstash-central] starting ...
[2015-01-13 15:18:09,385][INFO ][transport ] [logstash-central] bound_address {inet[/10.1.1.25:9300]}, publish_address {inet[/10.1.1.25:9300]}
[2015-01-13 15:18:09,401][INFO ][discovery ] [logstash-central] hive/T2LZruEtRsGPAF_Cx3BI1A
[2015-01-13 15:18:13,173][INFO ][cluster.service ] [logstash-central] new_master [logstash-central][T2LZruEtRsGPAF_Cx3BI1A][logstash.tw.intra][inet[/10.1.1.25:9300]], reason: zen-disco-join (elected_as_master)
[2015-01-13 15:18:13,193][INFO ][http ] [logstash-central] bound_address {inet[/10.1.1.25:9200]}, publish_address {inet[/10.1.1.25:9200]}
[2015-01-13 15:18:13,194][INFO ][node ] [logstash-central] started
[2015-01-13 15:18:13,209][INFO ][gateway ] [logstash-central] recovered [0] indices into cluster_state
访问 logstash.example.com:9200 会像ES指南中那样提供普通输出:
{
"status" : 200,
"name" : "logstash-central",
"cluster_name" : "hive",
"version" : {
"number" : "1.4.2",
"build_hash" : "927caff6f05403e936c20bf4529f144f0c89fd8c",
"build_timestamp" : "2014-12-16T14:11:12Z",
"build_snapshot" : false,
"lucene_version" : "4.10.2"
},
"tagline" : "You Know, for Search"
}
访问 http://logstash.example.com:9200/_status?提供以下内容:
{"_shards":{"total":0,"successful":0,"failed":0},"indices":{}}
Kibanas config.js 是默认值:
elasticsearch: "http://"+window.location.hostname+":9200"
Kibana通过nginx使用。这是 /etc/nginx/conf.d/nginx.conf :
server {
listen *:80 ;
server_name logstash.example.com;
location / {
root /usr/share/kibana3;
Logstash配置文件是 /etc/logstash/conf.d/central.conf :
input {
redis {
host => "10.1.1.25"
type => "redis-input"
data_type => "list"
key => "logstash"
}
output {
stdout{ { codec => rubydebug } }
elasticsearch {
host => "logstash.example.com"
}
}
Redis正在工作,流量在主服务器和从服务器之间传递(我通过tcpdump检查了它)。
15:46:06.189814 IP 10.1.1.50.41617 > 10.1.1.25.6379: Flags [P.], seq 89560:90064, ack 1129, win 115, options [nop,nop,TS val 3572086227 ecr 3571242836], length 504
netstat -apnt 显示以下内容:
tcp 0 0 10.1.1.25:6379 10.1.1.50:41617 ESTABLISHED 21112/redis-server
tcp 0 0 10.1.1.25:9300 10.1.1.25:44011 ESTABLISHED 22598/java
tcp 0 0 10.1.1.25:9200 10.1.1.35:51145 ESTABLISHED 22598/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22379/nginx
请问您应该告诉我应该采用哪种方式调查此问题?
提前致谢
答案 0 :(得分:1)
问题可能是由于nginx设置以及Kibana安装在您的服务器上并在浏览器中运行并尝试从那里访问Elasticsearch的事实。解决这个问题的典型方法是在nginx中设置代理,然后更改config.js。
对于Kibana,您拥有nginx的正确代理设置,但是您需要一些额外的工作才能让kibana能够访问Elasticsearch。
检查此帖子的评论:http://vichargrave.com/ossec-log-management-with-elasticsearch/
并查看此帖:https://groups.google.com/forum/#!topic/elasticsearch/7hPvjKpFcmQ
此示例nginx配置:https://github.com/johnhamelink/ansible-kibana/blob/master/templates/nginx.conf.j2
答案 1 :(得分:0)
您必须在输出部分
中精确设定elasticsearch协议elasticsearch {
host => "logstash.example.com"
protocol => 'http'
}