Logstash 5.1.1 configuration file fails with an error when run?

Time: 2017-01-04 09:28:42

Tags: logstash-configuration elasticsearch-5

This code is used to send the slowlog of elasticsearch 5.1.1 to logstash 5.1.1 as input:

    input {
      file {
        path => "C:\Users\571952\Downloads\elasticsearch-5.1.1\elasticsearch-5.1.1\logs\elasticsearch_index_search_slowlog"
        start_position => "beginning"
      }
    }

    filter {
      grok {  # parses the common bits
        match => [ "message", "[%{URIHOST}:%{ISO8601_SECOND}][%{LOGLEVEL:log_level}]
    [%{DATA:es_slowquery_type}]\s*[%{DATA:es_host}]\s*[%{DATA:es_index}]\s*[%{DATA:es_shard}]\s*took[%{DATA:es_duration}],\s*took_millis[%{DATA:es_duration_ms:float}],\s*types[%{DATA:es_types}],\s*stats[%{DATA:es_stats}],\s*search_type[%{DATA:es_search_type}],\s*total_shards[%{DATA:es_total_shards:float}],\s*source[%{GREEDYDATA:es_source}],\s*extra_source[%{GREEDYDATA:es_extra_source}]"]
      }

      mutate {
        gsub => [
          "source_body", "], extra_source[$", ""
        ]
      }
    }

    output {
      file {
        path => "C:\Users\571952\Desktop\logstash-5.1.1\just_queries"
        codec => "json_lines"

      }
    }

When I run this code, it shows the following error in the command prompt.

    [2017-01-04T18:30:32,032][ERROR][logstash.agent           ] Pipeline aborted due to error
     {:exception=>#<RegexpError: premature end of char-class: /], extra_source[$/>, :backtrac
    e=>["org/jruby/RubyRegexp.java:1424:in `initialize'", "C:/Users/571952/Desktop/logstash-5
    .1.1/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.1.3/lib/logstash/filters/mutat
    e.rb:196:in `register'", "org/jruby/RubyArray.java:1653:in `each_slice'", "C:/Users/57195
    2/Desktop/logstash-5.1.1/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.1.3/lib/lo
    gstash/filters/mutate.rb:184:in `register'", "C:/Users/571952/Desktop/logstash-5.1.1/logs
    tash-core/lib/logstash/pipeline.rb:230:in `start_workers'", "org/jruby/RubyArray.java:161
    3:in `each'", "C:/Users/571952/Desktop/logstash-5.1.1/logstash-core/lib/logstash/pipeline
    .rb:230:in `start_workers'", "C:/Users/571952/Desktop/logstash-5.1.1/logstash-core/lib/lo
    gstash/pipeline.rb:183:in `run'", "C:/Users/571952/Desktop/logstash-5.1.1/logstash-core/l
    ib/logstash/agent.rb:292:in `start_pipeline'"]}
    [2017-01-04T18:30:32,141][INFO ][logstash.agent           ] Successfully started Logstash
     API endpoint {:port=>9600}
    [2017-01-04T18:30:35,036][WARN ][logstash.agent           ] stopping pipeline {:id=>"main
    "}

Can someone help me solve this problem?

This is my slow log:

    [2016-12-28T15:53:21,341][DEBUG][index.search.slowlog.query] [vVhZxH7] [sw][0] took[184.7micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{
      "ext" : { }
    }],

0 answers:

No answers
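
The `RegexpError` in the log above can be reproduced outside Logstash, because the mutate filter compiles the second element of each `gsub` triple as a Ruby regular expression. The following is an added example, not code from the original post or from the Logstash project; the helper names and the sample field value are assumptions made for illustration.

```ruby
# Added example: reproduce and avoid the RegexpError from the question's gsub.
# The pattern string is copied from the mutate block; everything else is illustrative.

GSUB_PATTERN_FROM_CONFIG = "], extra_source[$"

# Constructed sample value shaped like the tail of a slowlog source[...] capture.
SAMPLE_FIELD = '{"ext" : { }}], extra_source['

# Compile a pattern string the way a regex-based filter would.
# Returns [regexp, nil] on success or [nil, error message] on failure.
def compile_pattern(source)
  [Regexp.new(source), nil]
rescue RegexpError => e
  [nil, e.message]
end

# Build a pattern that matches `text` literally at the end of the string:
# Regexp.escape neutralises "[" and "]", which otherwise open and close a
# character class, and the "$" anchor is appended afterwards.
def literal_suffix_pattern(text)
  Regexp.escape(text) + "$"
end

# Remove a literal suffix from a field value, failing loudly on a bad pattern
# instead of letting it abort a whole pipeline at start-up.
def strip_suffix(value, pattern_source)
  regexp, error = compile_pattern(pattern_source)
  raise ArgumentError, "invalid pattern: #{error}" if regexp.nil?
  value.gsub(regexp, "")
end

if __FILE__ == $PROGRAM_NAME
  _, error = compile_pattern(GSUB_PATTERN_FROM_CONFIG)
  puts "unescaped: #{error}"

  fixed = literal_suffix_pattern("], extra_source[")
  puts "escaped pattern: #{fixed}"
  puts "result: #{strip_suffix(SAMPLE_FIELD, fixed)}"
end
```

In the configuration file the same effect comes from writing the brackets as `\]` and `\[` inside the `gsub` pattern, so that `[$` no longer starts an unterminated character class.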