有一段时间试图在logstash中创建管道。我们有一个中央弹性堆栈,我想创建一个管道,但它似乎不喜欢我的配置文件:
input {
beats {
port => "5044"
}
}
filter {
grok {
match => {
"message" => '%{IPORHOST:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:time}\] "%{WORD:request_action} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:response} %{NUMBER:bytes} "%{DATA:referrer}" "%{DATA:agent}"'
}
}
date {
match => [ "time", "dd/MMM/YYYY:HH:mm:ss Z" ]
locale => en
}
geoip {
source => "remote_ip"
target => "geoip"
}
useragent {
source => "agent"
target => "user_agent"
}
}
output {
stdout { codec => rubydebug }
# elasticsearch {
# hosts => "elasticsearch:9200"
# index => "nginx_proxy"
# document_type => "logs"
# template => "./nginx_template.json"
# template_name => "nginx_template"
# template_overwrite => true
# }
}
我得到的错误是Cannot create pipeline {:reason=>"Expected one of #, input, filter, output at line 42, column 1 (byte 806) after "},这是输出的最后一个大括号。有任何想法吗? :(