我是ELK的新手,我正在努力使用ELK堆栈。我在WINDOWS上执行以下操作, 1.已安装弹性搜索,已通过http://localhost:9200/确认 2.已安装的logstash,使用http://localhost:9600/确认 logstash -f logstash.config
logstash.config file looks like this,
input {
beats {
port => "5043"
}
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
elasticsearch { hosts => ["localhost:9200"] }
}
3. Installed Kibana, confirmed using http://localhost:5601
Now, i want to use filebeat to pass a log file to logstash which parses and forwards it to Elastic search for indexing. and finally kibana displays it.
In order to do that,
"
i did the following changes in filebeat.yml.
change 1 :
In Filebeat prospectors, i added
paths:
# - /var/log/*.log
- D:\KibanaInput\vinod.log
Contents of vinod.log: Hello World from FileBeat.
Change 2:
In Outputs,
#output.logstash:
# The Logstash hosts
hosts: ["localhost:9600"]
when i run the below command,
filebeat -c filebeat.yml -e
i get the below error,
ERR Connecting error publishing events (retrying): Failed to parse JSON response: json: cannot unmarshal string into Go value of type struct { Number string }
Please let me know what mistake i am doing.
答案 0 :(得分:0)
你的道路很好。
请确认以下内容:
确保您的邮件正确无误。在logstash管道配置文件中添加以下输出。
输出{ stdout {codec => json} }
3.以调试模式启动logstash。
4.如果您正在阅读具有相同内容的同一文件,请确保删除filebeat中的注册表文件。 ($ filebeatHome /数据/注册表)
5.阅读日志文件。