Logstash丢失了消息

时间:2015-08-04 10:01:04

标签: parsing logging logstash

我发现我的logstash丢失了消息。出于测试目的,我已将关键字" MEM" 添加到Multihub-log,后者每隔一分钟显示在日志文件中。我等了几分钟没有任何结果。

之后我从配置中删除了 MultihubTST2-log MultihubTST3-log ,之后我才收到zabbix通知(来自logstash)输出)。

请告知如何解决此问题,我的配置文件可能有问题。

  • Logstash版本:1.5.1
  • 操作系统:Windows 2008R2 X64

我的配置文件如下:

input {
file {
   path => ["C:\QUIK\Multihub\multihub.log"]
   type => "Multihub-log"
   codec => plain { charset => "UTF-8" }
   start_position => "end"
   stat_interval => 1
   discover_interval => 5
   sincedb_path => "C:\Progra~1\logstash\sincedb\sincedb_multihub"
}
file {
  path => ["C:\QUIK\Multihub_TST2\multihub.log"]
  type => "MultihubTST2-log"
  codec => plain { charset => "UTF-8" }
  start_position => "end"
  stat_interval => 1
  discover_interval => 5
  sincedb_path => "C:\Progra~1\logstash\sincedb\sincedb_multihubtst2"
}
file {
  path => ["C:\QUIK\Multihub_TST3\multihub.log"]
  type => "MultihubTST3-log"
  codec => plain { charset => "UTF-8" }
  start_position => "end"
  stat_interval => 1
  discover_interval => 5
  sincedb_path => "C:\Progra~1\logstash\sincedb\sincedb_multihubtst3"
}
}

filter {
   if [type] == "Multihub-log" and [message] !~ /MEM|exception|Disconnect|Down|Fail|Unavailable|gate/ {
    drop {}
    }
    mutate {
        add_field => { "[@metadata][zabbix_key_mhub]" => "mhub.prod1" }
}
if [type] == "MultihubTST2-log" and [message] !~ /MEM|exception|Disconnect|Down|Fail|Unavailable|gate/ {
    drop {}
    }
    mutate {
        add_field => { "[@metadata][zabbix_key_tst2]" => "mhub.tst2" }
}
if [type] == "MultihubTST3-log" and [message] !~ /MEM|exception|Disconnect|Down|Fail|Unavailable|gate/ {
    drop {}
    }
    mutate {
        add_field => { "[@metadata][zabbix_key_tst3]" => "mhub.tst3" }
}
}
output {

if [type] == "Multihub-log" {
zabbix {
    zabbix_host => "host"
    zabbix_key => "[@metadata][zabbix_key_mhub]"
    zabbix_server_host => "10.1.110.71"
    zabbix_value => "message"
}
}
if [type] == "MultihubTST2-log" {
zabbix {
    zabbix_host => "host"
    zabbix_key => "[@metadata][zabbix_key_tst2]"
    zabbix_server_host => "10.1.110.71"
    zabbix_value => "message"
}
}
if [type] == "MultihubTST3-log" {
zabbix {
    zabbix_host => "host"
    zabbix_key => "[@metadata][zabbix_key_tst3]"
    zabbix_server_host => "10.1.110.71"
    zabbix_value => "message"
}
}
stdout { codec => rubydebug }
}

提前致谢!

0 个答案:

没有答案