我正在尝试将我的Logstash配置为从指定的日志文件中读取。当我将它配置为从stdin读取时,它按预期工作,我的输入产生来自Logstash的消息并显示在我的Kibana UI中。
$ cat /tmp/logstash-stdin.conf
input {
stdin {}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
$./logstash -f /tmp/logstash-stdin.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
The stdin plugin is now waiting for input:
hellloooo
{
"@version" => "1",
"host" => "myhost.com",
"@timestamp" => 2017-11-17T16:05:41.595Z,
"message" => "hellloooo"
}
但是,当我使用文件输入运行Logstash时,我没有表明该文件已加载到Logstash中,并且它没有显示在Kibana中。
$ cat /tmp/logstash-simple.conf
input {
file {
path => "/tmp/test_log.txt"
type => "syslog"
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
$ ./logstash -f /tmp/logstash-simple.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
有关如何解决为什么我的Logstash没有提取配置文件的任何建议?
答案 0 :(得分:1)
默认情况下,文件输入插件会在文件末尾开始读取,因此只会处理Logstash启动后添加的行。要在启动时读取所有现有行,请在配置中添加"start_position" => "beginning"选项,explained in documentation。