Logstash: output to Elasticsearch gives a ruby error, but stdout works

Time: 2016-07-03 08:36:00

Tags: ruby elasticsearch logstash

The error is related to the ruby code. How can I fix it?

Configuration:

input {
  beats {
    port => 5044
    ssl => false
  }
}

filter {
  if [type] == "apache" {
    ruby {
      code => "
        if event['message']
          event['message'] = event['message'].gsub('\x','Xx')
          event['message'] = event['message'].gsub('\x','XXx')
        end
      "
    }

    json {
      source => "message"
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

Logstash log:

  

{:timestamp=>"2016-07-01T13:23:30.475000+0100", :message=>"Connection refused", :class=>"Manticore::SocketException", :backtrace=>[
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:37:in `initialize'",
  "org/jruby/RubyProc.java:281:in `call'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:79:in `call'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:256:in `call_once'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:153:in `code'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/manticore.rb:84:in `perform_request'",
  "org/jruby/RubyProc.java:281:in `call'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:257:in `perform_request'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/manticore.rb:67:in `perform_request'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/sniffer.rb:32:in `hosts'",
  "org/jruby/ext/timeout/Timeout.java:147:in `timeout'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/sniffer.rb:31:in `hosts'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:79:in `reload_connections!'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:in `sniff!'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in `start_sniffing!'",
  "org/jruby/ext/thread/Mutex.java:149:in `synchronize'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in `start_sniffing!'",
  "org/jruby/RubyKernel.java:1479:in `loop'",
  "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!'"
], :level=>:error}
{:timestamp=>"2016-07-01T13:23:52.470000+0100", :message=>"CircuitBreaker::rescuing exceptions", :name=>"Beats input", :exception=>LogStash::Inputs::Beats::InsertingToQueueTakeTooLong, :level=>:warn}
{:timestamp=>"2016-07-01T13:23:52.470000+0100", :message=>"Beats input: The circuit breaker has detected a slowdown or stall in the pipeline, the input is closing the current connection and rejecting new connection until the pipeline recover.", :exception=>LogStash::Inputs::BeatsSupport::CircuitBreaker::HalfOpenBreaker, :level=>:warn}
{:timestamp=>"2016-07-01T13:23:52.471000+0100", :message=>"CircuitBreaker::rescuing exceptions", :name=>"Beats input", :exception=>LogStash::Inputs::Beats::InsertingToQueueTakeTooLong, :level=>:warn}
{:timestamp=>"2016-07-01T13:23:52.471000+0100", :message=>"Beats input: The circuit breaker has detected a slowdown or stall in the pipeline, the input is closing the current connection and rejecting new connection until the pipeline recover.", :exception=>LogStash::Inputs::BeatsSupport::CircuitBreaker::HalfOpenBreaker, :level=>:warn}
{:timestamp=>"2016-07-01T13:23:53.471000+0100", :message=>"Beats input: pipeline is blocked, temporary refusing new connection.", :reconnect_backoff_sleep=>0.5, :level=>:warn}
{:timestamp=>"2016-07-01T13:23:53.472000+0100", :message=>"CircuitBreaker::Open", :name=>"Beats input", :level=>:warn}
{:timestamp=>"2016-07-01T13:23:53.473000+0100", :message=>"Beats input: The circuit breaker has detected a slowdown or stall in the pipeline, the input is closing the current connection and rejecting new connection until the pipeline recover.", :exception=>LogStash::Inputs::BeatsSupport::CircuitBreaker::OpenBreaker, :level=>:warn}
{:timestamp=>"2016-07-01T13:23:53.972000+0100", :message=>"Beats input: pipeline is blocked, temporary refusing new connection.", :reconnect_backoff_sleep=>0.5, :level=>:warn}

2 answers:

Answer 0: (score: 1)

The problem does not come from the ruby code but from your connection to Elasticsearch.

In your stacktrace:

"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in

Your Elasticsearch instance is not up or is not reachable from logstash.

Answer 1: (score: 0)

I solved this problem by deleting the indices in elasticsearch.

curl -XDELETE 'http://localhost:9200/filebeat-*'

Note that the ruby did not work. I had to change my log format to the combined log format to handle the exception.
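
An added example, not part of the original question or answers: the ruby filter in the question rewrites `\x` before the json filter runs, and this plain-Ruby sketch shows an alternative that turns each `\xHH` into the JSON escape `\u00HH` while leaving an escaped backslash followed by `x41` untouched. It assumes the `\x` sequences are the `\xHH` escapes Apache writes for non-printable bytes; the helper names and sample lines are constructed.

```ruby
require 'json'

# One backslash-escaped unit inside a JSON string body: either a \xHH escape
# (assumed here to be what Apache wrote for a non-printable byte) or any other
# escaped character. Consuming escapes as pairs means an escaped backslash
# followed by the literal text x41 (\\x41) is never mistaken for \x41.
ESCAPE = /\\(?:x(\h{2})|.)/m

# Hypothetical helper: rewrite \xHH to \u00HH, which is a legal JSON escape.
# The byte value is kept as the code point U+00HH; bytes >= 0x80 are therefore
# read as Latin-1 code points, not as parts of a UTF-8 sequence.
def json_safe_hex_escapes(raw)
  raw.gsub(ESCAPE) { $1 ? "\\u00#{$1.downcase}" : $& }
end

# Parse one log line; returns the Hash, or nil when it is still not valid
# JSON, so the caller can tag the event instead of dropping it silently.
def parse_log_line(raw)
  JSON.parse(json_safe_hex_escapes(raw))
rescue JSON::ParserError
  nil
end

# Constructed sample lines. Single-quoted Ruby strings keep \x literal, and
# \\\\ in the source is two backslashes in the line itself.
SAMPLES = [
  '{"request":"GET /\x16\x03\x01 HTTP/1.1","status":400}', # \xHH escapes
  '{"request":"GET /a\\\\x41 HTTP/1.1","status":200}',     # escaped backslash
  '{"request":"GET / HTTP/1.1","status":'                  # truncated line
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |line|
    event = parse_log_line(line)
    puts(event ? "ok   #{event.inspect}" : "fail #{line}")
  end
end
```

`\x` is not an escape defined by the JSON grammar (RFC 8259), which is why strict parsers reject such lines.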