Logstash configtest

时间:2016-12-26 20:39:24

标签: logstash logstash-configuration

我运行了服务logstash configtest,但给出的错误是:

  

logstash:无法识别的服务

我能够单独运行logstash服务,但不能运行“configtest”。在etc / logstash / conf.d /我创建了logstash.conf文件,其中包含以下代码: -

其他信息: - 

service logstash status
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; disabled)
   Active: active (running) since Mon 2016-12-26 12:40:58 PST; 6s ago
 Main PID: 3512 (java)
   CGroup: /system.slice/logstash.service
           └─3512 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX...

Dec 26 12:40:58 Mr systemd[1]: Started logstash.

使用configtest运行时的服务: - 

root@Mr:/# service logstash configtest
logstash: unrecognized service

我在debian8机器上运行这个,希望我能从你们那里得到一个很好的解决方案。

# This input block will listen on port 10514 for logs to come in.
# host should be an IP on the Logstash server.
# codec => "json" indicates that we expect the lines we're receiving to be in JSON format
# type => "rsyslog" is an optional identifier to help identify messaging streams in the pipeline.

input {
  udp {
    host => "logstash_private_ip"
    port => 10514
    codec => "json"
    type => "rsyslog"
  }
}

# This is an empty filter block.  You can later add other filters here to further process
# your log lines

filter { }

# This output block will send all events of type "rsyslog" to Elasticsearch at the configured
# host and port into daily indices of the pattern, "rsyslog-YYYY.MM.DD"

output {
  if [type] == "rsyslog" {
    elasticsearch {
      hosts => [ "elasticsearch_private_ip:9200" ]
    }
  }
}

7 个答案:

答案 0 :(得分:46)

用于旧的logstash 

/opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/

后来,它被安装在/ usr / share / logstash中,所以尝试

/usr/share/logstash/bin/logstash --configtest -f <the config file/folder>

或者如果运行版本5.1+使用--config.test_and_exit 

/usr/share/logstash/bin/logstash --config.test_and_exit -f <the config file/folder>

答案 1 :(得分:13)

我遇到了同样的问题,这给了我很多帮助:

如果您运行的是Logstash版本5,则以下命令测试配置会出错:

sudo /opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/

测试它的正确命令是:

sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t

我正在运行ELK + filebeat,因为Ubuntu Server 16.04,我的结果是: 将Logstash的日志发送到/ var / log / logstash,现在通过log4j2.properties配置 配置确定

来源: https://www.elastic.co/guide/en/logstash/current/running-logstash.html; https://github.com/elastic/logstash/issues/6161

答案 2 :(得分:6)

使用官方logstash Docker镜像验证本地文件:

docker run -it -v /etc/logstash:/etc/logstash logstash /usr/share/logstash/bin/logstash -t -f /etc/logstash/logstash.conf

这假设您的配置文件位于/etc/logstash的本地,然后将该文件夹安装到容器中,位于相同的路径下。然后二进制文件可以在容器中找到配置文件。

可能有更好的方法来运行该命令,这对我有用。

答案 3 :(得分:6)

用于logstash 5.1其

/usr/share/logstash/bin/logstash --config.test_and_exit -f logstash.yml

答案 4 :(得分:1)

您应该在CentOS版本7上执行此操作:

/etc/rc.d/init.d/logstash configtest /etc/logstash/conf.d/test.conf

答案 5 :(得分:1)

如果要使用docker容器logstash 6.x测试配置,则

docker run -it -v $PWD:/etc/logstash/conf.d --entrypoint "bin/logstash" logstash "--config.test_and_exit"

答案 6 :(得分:0)

在Centos 7上,您还可以使用以下命令:

/usr/share/logstash/bin/logstash --path.settings /etc/logstash/
--config.test_and_exit /etc/logstash/conf.d/logstash.conf
相关问题
最新问题