我在尝试使用Elasticsearch
连接Logstash时遇到以下错误 **log4j, [2015-01-17T17:19:00.559] WARN: org.elasticsearch.discovery: [logstash-ip-10-181-166-160-1026-2020] waited for 30s and no initial state was set by the discovery**
logstash.conf
input {
lumberjack {
port => 5000
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
grok { match => [ "message", "%{TIME:log_time}\|%{WORD:Message_type}\|%{GREEDYDATA:Component}\|%{NUMBER:line_number}\| %{GREEDYDATA:log_message}"]
match => [ "path" , "%{GREEDYDATA}/%{GREEDYDATA:loccode}/%{GREEDYDATA:_machine}\:%{DATE:logdate}.log"]
break_on_match => false
}
stdout { codec => rubydebug }
elasticsearch{
embedded => false
host => "localhost"
#host => "http://xxx.xxx.xxx:9200"
port => "9300"
cluster=>"Elasticsearch-Logstash"
manage_template=> false
index=>"doppleml-%{loccode}-%{+YYYY.MM.dd}"
#template=>"/home/hduser/elasticsearch/logstash-1.4.2/doppleML_template.json"
#template=>"/home/ubuntu/elkproject/logstash-1.4.2/doppleML_template.json"
}
}
Elasticsearch.yml:
network.host: localhost
cluster.name: Elasticsearch-Logstash
我是否需要在logstash或Elasticsearch配置文件中包含任何更改?
答案 0 :(得分:1)
如果你没有设置协议,它可能默认为“http”,但你直接将端口设置为“9300”,这是行不通的。我要么将协议设置为“http”并将端口设置为“9200”或将协议设置为“node”或“transport”并将端口设置为“9300”。
这个文档页面有助于设置/调试logstash和elasticsearch的输出设置: