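I have an ELK instance that uses a redis channel as a buffer. Logs are being imported and correctly parsed by the shipper into redis, but nothing is making it to elasticsearch.
My shipper config looks like this: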
input {
  file {
    path => [ "/var/log/aggregates.log" ]
    type => "aggregates"
  }
}
output {
  redis {
    host => "xxxx"
    data_type => "channel"
    key => "logstash-aggregates"
  }
}
filter {
  csv {
    columns => [ 'start_time', 'end_time','total_count' ... ]
    separator => ","
  }
}
The indexer config looks like this:
input {
  redis {
    host => "xxxx"
    type => "aggregates"
    data_type => "channel"
    key => "logstash-aggregates"
    format => "json_event"
  }
}
output {
  elasticsearch {
    bind_host => "xxxx"
    cluster => "default_cluster"
    host => "xxxx"
    action => "index"
  }
}
Am I missing something here? I can't seem to figure it out.