Question

有一段时间试图在logstash中创建管道。我们有一个中央弹性堆栈，我想创建一个管道，但它似乎不喜欢我的配置文件：

input {
  beats {
    port => "5044"
  }
}

filter {
  grok {
    match => {
      "message" => '%{IPORHOST:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:time}\] "%{WORD:request_action} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:response} %{NUMBER:bytes} "%{DATA:referrer}" "%{DATA:agent}"'
    }
  }

  date {
    match => [ "time", "dd/MMM/YYYY:HH:mm:ss Z" ]
    locale => en
  }

  geoip {
    source => "remote_ip"
    target => "geoip"
  }

  useragent {
    source => "agent"
    target => "user_agent"
  }
}

output {
  stdout { codec => rubydebug }
#   elasticsearch {
#     hosts => "elasticsearch:9200"
#     index => "nginx_proxy"
#     document_type => "logs"
#     template => "./nginx_template.json"
#     template_name => "nginx_template"
#     template_overwrite => true
#   }
}

我得到的错误是Cannot create pipeline {:reason=>"Expected one of #, input, filter, output at line 42, column 1 (byte 806) after "}，这是输出的最后一个大括号。有任何想法吗？：（

Logstash不喜欢管道

0 个答案: