Question

我一直试图使用shield将logstash写入elasticseach，但没有成功。

在将shield插件安装到elasticsearch之前，我的设置工作正常。我已关注this guide from elastic.co并使用以下内容为logstash user role创建了新用户：

esusers useradd logstashadmin -r logstash

我还更新了logstash output configuration，并按照指南中的建议添加了protocol，user和password。

重新启动logstash和elasticsearch后，我仍然没有收到来自logstash的elasticsearch上的任何内容。我错过了什么吗？

这是我的设置：

$ esusers roles logstashadmin                         
logstashadmin  : logstash

$ cat shield/roles.yml
...
# The required role for logstash users
logstash:
  cluster: indices:admin/template/get, indices:admin/template/put
  indices:
    'logstash-*': indices:data/write/bulk, indices:data/write/delete, indices:data/write/update, indices:data/read/search, indices:data/read/scroll, create_index
...


$ cat logstash/output.conf

output {
  elasticsearch {
    protocol => "http"
    cluster => "logstash"
    user => "logstashadmin"
    password => "logstashadmin123"
  }
}

注意：我还在logstash中安装了transport插件，并使用相同的否定结果尝试了它而不是protocol => "http"。

如果您需要更多信息，请与我们联系。谢谢

编辑1：

弹性搜索日志：

[2015-06-12 05:59:16,952][INFO ][node                     ] [Silver Sable] stopping ...
[2015-06-12 05:59:17,087][INFO ][shield.license           ] [Silver Sable] DISABLING LICENSE FOR [shield]
[2015-06-12 05:59:17,088][INFO ][node                     ] [Silver Sable] stopped
[2015-06-12 05:59:17,088][INFO ][node                     ] [Silver Sable] closing ...
[2015-06-12 05:59:17,104][INFO ][node                     ] [Silver Sable] closed
[2015-06-12 05:59:20,479][INFO ][node                     ] [Lionheart] version[1.4.5], pid[28662], build[2aaf797/2015-04-27T08:06:06Z]
[2015-06-12 05:59:20,480][INFO ][node                     ] [Lionheart] initializing ...
[2015-06-12 05:59:20,586][INFO ][plugins                  ] [Lionheart] loaded [license, shield], sites []
[2015-06-12 05:59:21,301][INFO ][transport                ] [Lionheart] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
[2015-06-12 05:59:21,301][INFO ][transport                ] [Lionheart] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
[2015-06-12 05:59:21,301][INFO ][http                     ] [Lionheart] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
[2015-06-12 05:59:27,166][INFO ][node                     ] [Lionheart] initialized
[2015-06-12 05:59:27,166][INFO ][node                     ] [Lionheart] starting ...
[2015-06-12 05:59:28,148][INFO ][shield.transport         ] [Lionheart] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/10.1.0.25:9300]}
[2015-06-12 05:59:28,209][INFO ][discovery                ] [Lionheart] logstash/uuDCpM6hTKKvLNd2oFGYpA
[2015-06-12 05:59:32,032][INFO ][cluster.service          ] [Lionheart] new_master [Lionheart][uuDCpM6hTKKvLNd2oFGYpA][0ba2a1c6e1de][inet[/10.1.0.25:9300]], reason: zen-disco-join (elected_as_master)
[2015-06-12 05:59:32,119][INFO ][http                     ] [Lionheart] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/10.1.0.25:9200]}
[2015-06-12 05:59:32,119][INFO ][node                     ] [Lionheart] started
[2015-06-12 05:59:33,007][INFO ][shield.license           ] [Lionheart] enabling license for [shield]
[2015-06-12 05:59:33,013][INFO ][license.plugin.core      ] [Lionheart] license for [shield] - valid
[2015-06-12 05:59:33,028][ERROR][shield.license           ] [Lionheart] 
#
# Shield license will expire on [Saturday, July 11, 2015]. Cluster health, cluster stats and indices stats operations are
# blocked on Shield license expiration. All data operations (read and write) continue to work. If you
# have a new license, please update it. Otherwise, please reach out to your support contact.
#
[2015-06-12 05:59:33,162][INFO ][gateway                  ] [Lionheart] recovered [2] indices into cluster_state

Logstash日志:(此部分多次重复）

NotImplementedError: block device detection unsupported or native support failed to load
       blockdev? at org/jruby/RubyFileTest.java:67
         device? at /opt/logstash/vendor/bundle/jruby/1.9/gems/filewatch-0.6.2/lib/filewatch/helper.rb:67
  _sincedb_write at /opt/logstash/vendor/bundle/jruby/1.9/gems/filewatch-0.6.2/lib/filewatch/tail.rb:230
   sincedb_write at /opt/logstash/vendor/bundle/jruby/1.9/gems/filewatch-0.6.2/lib/filewatch/tail.rb:203
        teardown at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-file-0.1.10/lib/logstash/inputs/file.rb:151
     inputworker at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb:203
     synchronize at org/jruby/ext/thread/Mutex.java:149
     inputworker at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb:203
     start_input at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0-java/lib/logstash/pipeline.rb:171

Answer 1

我认为这是一个与盾无关的问题。检查此问题： https://github.com/elastic/logstash/issues/3127

就像帖子中提到的那样，执行以下操作对我来说很有用：

ln -s /lib/x86_64-linux-gnu/libcrypt.so.1 /usr/lib/x86_64-linux-gnu/libcrypt.so

Logstash没有用Shield

编辑1：

1 个答案: