我是ELK的新手,我正在努力使用我的logstash配置文件。问题是logstash正在处理旧数据。 以下是使用新数据运行时出现的错误:
A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::File path=>["C:/Users/MISHAL/Desktop/ELK_Files/jsonTest/jt.json"], type=>"json", start_position=>"beginning", sincedb_path=>"/dev/null", codec=><LogStash::Codecs::Plain charset=>"UTF-8">, stat_interval=>1, discover_interval=>15, sincedb_write_interval=>15, delimiter=>"\n">
Error: No such file or directory - C:/dev/null.14066.5108.511127 {:level=>:error}
配置文件:
input {
file{
path => ["C:/Users/MISHAL/Desktop/ELK_Files/jsonTest/jt.json"]
type => "json"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
grok {
match => [ 'message', '(?<body>\"id\":.*\"enq\":\"[^"]+\")' ]
add_field => [ "json_body", "{%{body}}" ]
}
json {
source => "json_body"
remove_field => ["message","body","json_body" ]
}
mutate {
add_field => ["[test][enq]","%{[enq]}"]
add_field => ["[test][bkd]","%{[bkd]}"]
}
mutate {
convert => [ "[test][increasedFare]", "float"]
}
}
output {
stdout {
codec => rubydebug
}
elasticsearch {
hosts => "localhost"
index => "jst-json"
}
}
Ps:我也尝试删除sincedb_path =&gt; “/ dev / null”并删除所有的sinceDB文件。即便如此,它仍然没有处理新数据,但没有任何错误信息。