在Linux中配置Logstash时出错(仍可运行)

时间:2016-04-05 06:17:01

标签: elasticsearch logstash elastic-stack logstash-forwarder filebeat

我遇到了一些关于配置Logstash的问题。

我使用filebeats来转发日志,这是第一次运行良好。但是,当我关闭并重新启动termainal以配置logstash和filebeats时。甚至Kibana UI显示仍然发送和读取日志文件时出现错误:

Settings: Default pipeline workers: 8
Beats inputs: Starting input listener {:address=>"0.0.0.0:5044", :level=>:info}
The error reported is: 
Address already in use - bind - Address already in use

这是配置文件

input {
  beats {
  port => 5044
  type => "logs"
  ssl => true
  ssl_certificate => "/etc/pki/tls/certs/filebeat.crt"
  ssl_key => "/etc/pki/tls/private/filebeat.key"
  }
}

filter{
  if [type] == "syslog" {
  grok {
     match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
     add_field => [ "received_at", "%{@timestamp}" ]
     add_field => [ "received_from", "%{host}" ]
  }
  syslog_pri { }
  date {
     match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }
 }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
}
  stdout { codec => rubydebug }
}

我不知道发生了什么。有人可以请你告诉我。感谢

0 个答案:

没有答案