我正在使用ELK堆栈将日志索引到elasticsearch,如下所示:
Filebeats-> Logstash-> Elasticsearch-> Kibana
filebeat.yml:
filebeat.prospectors:
-
input_type: log
paths:
- "C:\\Tools\\apache-tomcat-8.5.15\\logs\\*.log"
output.logstash:
hosts:
- "127.0.0.1:5043"
logstash.conf:
input {
beats {
port => 5043
type => "log4j"
codec => multiline {
# Grok pattern names are valid!
pattern => "^%{TIMESTAMP_ISO8601} "
}
}
}
output {
elasticsearch {
hosts => [ "localhost:9200"]
index => "logs"
}
stdout { codec => rubydebug }
}
kibana.yml:
elasticsearch.preserveHost: true
elasticsearch.startupTimeout: 5000
elasticsearch.url: "http://localhost:9200"
i18n.defaultLocale: en
logging.dest: stdout
logging.quiet: true
ops.interval: 5000
server.host: localhost
server.name: kibanaserver
server.port: 5601
我可以看到logstash收到的日志在其控制台中打印出来。但是在弹性搜索中没有索引。我不知道将日志推送到es会缺少什么配置。我已经检查了我的相关端口正在工作,因为我可以通过postman拨打端口9200上的elasticsearch。我的日志是 NOT JSON ,但是tomcat容器生成的典型javastackstrace如下所示:
javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/num/numguess.jsp
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
请建议我该如何解决?