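I am trying to process my logs using a custom template, svlogs, but the index is not being created on the fly based on my template. I am facing the following error: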
"error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index", "resource.type"=>"index_expression", "resource.id"=>"svlogs-2016.12.29", "index_uuid"=>"_na_", "index"=>"svlogs-2016.12.29"}
My output is:
    output {
      elasticsearch {
        hosts => [ "192.168.254.129:9200" ]
        user => "logstash"
        password => "selva123"
        template_name => "svlogs"
        index => "svlogs-%{+YYYY.MM.dd}"
      }
    }
My template is:
    curl -XPUT '192.168.254.129:9200/_template/svlogs?pretty' -d'
    {
      "template": "svlogs*",
      "settings": {
        "number_of_shards": 1
      },
      "mappings" : {
        "_default_" : {
          "properties" : {
            "MSGID" : {"type": "integer" },
            "debug" : {"type": "string" , "index" : "not_analyzed" },
            "Error" : { "type" : "string", "index" : "not_analyzed" },
            "client" : { "type" : "string" },
            "eno" : { "type" : "integer" },
            "login" : { "type" : "string" },
            "message" : { "type" : "string" },
            "pid" : { "type" : "integer" },
            "process" : { "type" : "string" },
            "sv_date" : { "type": "date", "format": "EEE MMM dd HH:mm:SS yyyy"},
            "type" : { "type" : "string" }
          }
        }
      }
    }'
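I expected Logstash to create the index based on the given template.
Actually, it was working until I installed X-Pack. Then I solved all my permission-related issues, and now I need to create the index manually for my Logstash to work. I tried adding manage_template as "false"; it still did not help.
Please guide me. Thanks in advance.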
Answer 0 (score: 0)
The problem was solved after I commented out the line below in elasticsearch.yml:

    #action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*
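The following added example (not part of the original answer and not Elasticsearch's own code) models how an `action.auto_create_index` pattern list decides whether an index name may be created on first write, and compares the X-Pack list from the answer with two alternatives. The matching rules in the docstring are a simplified model and an assumption, as is the default of `true` when the line is commented out; `auto_create_allowed`, `report` and every sample index name except `svlogs-2016.12.29` are constructed for illustration.

```python
import re

# Value from the elasticsearch.yml line quoted in the answer above.
XPACK_LIST = ".security,.monitoring*,.watches,.triggered_watches,.watcher-history*"


def _glob_match(pattern, name):
    """Match with '*' as the only wildcard (simplified model)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None


def auto_create_allowed(setting, index_name):
    """Return True if `setting` would let `index_name` be auto-created.

    Modelled rules (assumed): "true"/"false" switch the feature on or off;
    otherwise the value is a comma-separated pattern list, a leading '-'
    denies, a leading '+' or no prefix allows, the first matching pattern
    decides, and a name that matches nothing is denied.
    """
    value = setting.strip()
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    for raw in value.split(","):
        pattern = raw.strip()
        if not pattern:
            continue
        allow = not pattern.startswith("-")
        if pattern[0] in "+-":
            pattern = pattern[1:]
        if _glob_match(pattern, index_name):
            return allow
    return False


def report(setting, names):
    """Map each index name to the decision under `setting`."""
    return {name: auto_create_allowed(setting, name) for name in names}


if __name__ == "__main__":
    # Constructed sample names, apart from the one in the error message.
    names = ["svlogs-2016.12.29", ".monitoring-es-2-2016.12.29", "typo-index"]
    print("x-pack list    :", report(XPACK_LIST, names))
    print("with svlogs*   :", report(XPACK_LIST + ",svlogs*", names))
    print("line commented :", report("true", names))
```

Under this model, appending `svlogs*` to the list lets Logstash create its daily index while other unexpected names stay blocked, whereas commenting the line out allows any index name to be created on first write.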