我今天跨越了一个ELK堆栈并且一切运行良好,但由于某种原因,Kibana将自己的消息以JSON格式记录到syslog中。例如:
Oct 19 18:49:28 elk-host kibana[11111]: {"type":"response","@timestamp":"2016-10-19T17:49:28+00:00","tags":[],"pid":22749,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/logstash*/_field_stats?level=indices","method":"post","headers":{"host":"1.2.3.4:5601","connection":"keep-alive","content-length":"178","accept":"application/json, text/plain, */*","origin":"http://1.2.3.4:5601","kbn-version":"4.4.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36","content-type":"application/json;charset=UTF-8","referer":"http://1.2.3.4:5601/app/kibana","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.8"},"remoteAddress":"5.6.7.8","userAgent":"5.6.7.8","referer":"http://1.2.3.4:5601/app/kibana"},"res":{"statusCode":200,"responseTime":11,"contentLength":9},"message":"POST /elasticsearch/logstash*/_field_stats?level=indices 200 11ms - 9.0B"}
所有其他日志都采用正常格式
这是故意还是我错过了某处的Kibana设置?
如果这是故意的,我可能只是添加一个syslog过滤器来正确记录它...但希望我不必
答案 0 :(得分:5)
在Kibana配置文件(config/kibana.yml)中,您可以添加以下(未记录的)设置:
logging.json: false
并且您的Kibana日志将不再格式化为JSON。