Sending elasticsearch 5.1.1 slowlog to logstash 5.1.1 as input

Time: 2017-01-03 06:31:07

Tags: logstash-configuration elasticsearch-5

This is the content of the logstash 5.1.1 configuration file, used to match the elasticsearch 5.1.1 slow log.

    input {
      file {
        path => "C:\Users\571952\Downloads\elasticsearch-5.1.1\elasticsearch-5.1.1\logs\elasticsearch_index_search_slowlog"
        start_position => "beginning"
      }
    }

    filter {
      grok {  # parses the common bits
        # literal [ and ] are escaped because they are regex metacharacters
        match => [ "message", "\[%{TIMESTAMP_ISO8601:logtime}\]\[%{LOGLEVEL:log_level}\]\[%{DATA:es_slowquery_type}\]\s*\[%{DATA:es_host}\]\s*\[%{DATA:es_index}\]\s*\[%{DATA:es_shard}\]\s*took\[%{DATA:es_duration}\],\s*took_millis\[%{DATA:es_duration_ms:float}\],\s*types\[%{DATA:es_types}\],\s*stats\[%{DATA:es_stats}\],\s*search_type\[%{DATA:es_search_type}\],\s*total_shards\[%{DATA:es_total_shards:float}\],\s*source\[%{GREEDYDATA:es_source}\],\s*extra_source\[%{GREEDYDATA:es_extra_source}\]," ]
      }

      mutate {
        # strip the trailing "], extra_source[" from the captured query body
        gsub => [
          "source_body", "\], extra_source\[$", ""
        ]
      }
    }

    output {
      file {
        path => "C:\Users\571952\Desktop\logstash-5.1.1\just_queries"
        codec => "json_lines"
        message_format => "%{source_body}"
      }
    }

When I run this in logstash 5.1.1, I get an error like this:

    [2017-01-03T11:45:20,419][FATAL][logstash.runner          ] The given configuration is invalid. Reason: The setting `message_format` in plugin `file` is obsolete and is no longer available. You can achieve the same behavior with the 'line' codec If you have any questions about this, you are invited to visit https://discuss.elastic.co/c/logstash and ask.

Can someone help me resolve this error?

1 answer:

Answer 0: (score: 0)

message_format has been deprecated since logstash version 2.2 and has been removed from logstash version 5.1.

Remove that line.
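
Added example (not part of the original question or answer): the `output` section from the question with the rejected setting shown beside the two ways to replace it. The path and the `source_body` field name are taken from the question's config; it is an assumption that the event actually carries a `source_body` field by the time it reaches the output.

```logstash
output {
  file {
    path => "C:\Users\571952\Desktop\logstash-5.1.1\just_queries"

    # Before (rejected by Logstash 5.1.1 at startup):
    #   codec => "json_lines"
    #   message_format => "%{source_body}"

    # Option 1: what the answer suggests. Drop message_format and keep
    # json_lines; each event is written as one full JSON document per line.
    #   codec => "json_lines"

    # Option 2: what the error message suggests. The line codec's format
    # option takes the same sprintf-style string that message_format took,
    # so only the source_body field is written, one event per line.
    # A plugin accepts a single codec, so this replaces json_lines.
    codec => line { format => "%{source_body}" }
  }
}
```

Starting Logstash with `--config.test_and_exit` validates the configuration file and exits without running the pipeline, which confirms that the obsolete-setting error is gone.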