这不起作用。没有输出。我想使用sincedb_path => " / MNT /麋鹿/ logstash /脚本/ sincedb / from_nifi_dev_logs_nifi_6
sudo rm -rf /mnt/elk/logstash/scripts/sincedb/from_nifi_dev_logs_nifi_6
sudo /usr/share/logstash/bin/logstash -e 'input { file { path => "/mnt/elk/logstash/data/from/nifi/dev/logs/nifi_copied/nifi-app.log" sincedb_path => "/mnt/elk/logstash/scripts/sincedb/from_nifi_dev_logs_nifi_6" } } output { stdout { codec => rubydebug } }' --verbose
默认目录中没有sincedb文件。
ls /usr/share/logstash/data/plugins/inputs/file
no files
这很有效。我不想使用start_position =>开始sincedb_path => "的/ dev / null的"
sudo /usr/share/logstash/bin/logstash -e 'input { file { path => "/mnt/elk/logstash/data/from/nifi/dev/logs/nifi_copied/nifi-app.log" start_position => beginning sincedb_path => "/dev/null" } } output { stdout { codec => rubydebug } }' --verbose
{
"@version" => "1",
"host" => "hostname",
"path" => "/mnt/elk/logstash/data/from/nifi/dev/logs/nifi_copied/nifi-app.log",
"@timestamp" => 2018-02-07T19:24:31.758Z,
"message" => "Caused by: java.io.IOException: null"
}
答案 0 :(得分:0)
您想要添加 start_position =>开始到您的命令。
start_position:默认行为会将文件视为直播,因此会在结尾处开始。如果您要导入旧数据,请将其设置为开头。
运行此命令:
sudo /usr/share/logstash/bin/logstash -e 'input { file { path => "/mnt/elk/logstash/data/from/nifi/dev/logs/nifi_copied/nifi-app.log" start_position => beginning sincedb_path => "/mnt/elk/logstash/scripts/sincedb/from_nifi_dev_logs_nifi_6" } } output { stdout { codec => rubydebug } }' --verbose
另外,请确保 from_nifi_dev_logs_nifi_6 是一个文件,而不是目录。
sincedb_path: sincedb数据库文件的路径...注意:它必须是文件路径而不是目录路径