File path as input in Logstash config does not work

Time: 2017-08-18 00:40:43

Tags: elasticsearch logstash

When I run a command like this (on Windows):

logstash -f logstash-apache.conf

There is no output, and no logs are stored in Elasticsearch. So I think it is not working. By the way, I referred to this site: https://www.elastic.co/guide/en/logstash/current/config-examples.html#config-examples

This is my conf file (logstash-apache.conf):

input {
  file {
    path => ["C:/Users/User/Downloads/logstash-5.5.1/bin/access_log.txt"]
    start_position => "beginning"
  }
}

filter {
  if [path] =~ "access" {
    mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  stdout { codec => rubydebug }
}

This is the output:

C:\Users\User\Downloads\logstash-5.5.1\bin> logstash -f logstash-apache.conf
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
Sending Logstash's logs to C:/Users/User/Downloads/logstash-5.5.1/logs which is now configured via log4j2.properties
[2017-08-18T08:35:20,504][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[localhost:9200/]}}
[2017-08-18T08:35:20,509][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>localhost:9200/, :path=>"/"}
[2017-08-18T08:35:20,668][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#}
[2017-08-18T08:35:20,670][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-08-18T08:35:20,725][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2017-08-18T08:35:20,734][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#]}
[2017-08-18T08:35:21,010][INFO ][logstash.pipeline] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2017-08-18T08:35:21,896][INFO ][logstash.pipeline] Pipeline main started
[2017-08-18T08:35:22,036][INFO ][logstash.agent] Successfully started Logstash API endpoint {:port=>9600}

Thank you in advance :)

0 answers:

No answers