logstash 6.2.4将IIS日志转换为elasticsearch unknown settings

时间:2018-06-01 13:40:23

标签: elasticsearch iis logstash

Logstash 6.2.4,ElasticSearch 6.2.4 第一次使用这些工具。我试图在此示例后将IIS日志转换为elasticsearch:Importing iis logs into elasticsearch using logstash

使用以下命令运行独立测试:。\ logstash.bat agent -f .. \ conf 导致这些错误:

  

[2018-06-01T08:45:58,830] [INFO] [logstash.runner]启动Logstash   { “logstash.version”=&gt; “中6.2.4”}   [2018-06-01T08:45:59,604] [INFO] [logstash.agent]已成功启动Logstash API端点{:port =&gt; 9600}   [2018-06-01T08:46:03260] [ERROR] [logstash.outputs.elasticsearch]   未知的设置'embedded'用于elasticsearch   [2018-06-01T08:46:03261] [ERROR] [logstash.outputs.elasticsearch]   未知设置弹性搜索的“主机”   [2018-06-01T08:46:03262] [ERROR] [logstash.outputs.elasticsearch]   未知的弹性搜索设置'端口'   [2018-06-01T08:46:03263] [ERROR] [logstash.outputs.elasticsearch]   弹性搜索的未知设置'协议'   [2018-06-01T08:46:03,277] [错误] [logstash.agent]失败   执行行动   {:行动=&GT; LogStash :: PipelineAction ::创建/ pipeline_id:主,   :exception =&gt;“LogStash :: ConfigurationError”,:message =&gt;“有些东西是   你的配置有问题。“   [2018-06-01T08:46:03,277] [错误] [logstash.agent]无法执行操作{:action =&gt; LogStash :: PipelineAction :: Create / pipeline_id:main,:exception =&gt;“LogStash :: ConfigurationError“,:message =&gt;”您的配置出了问题。“,:backtrace =&gt; [”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/ config / mixin.rb:89:在config_init'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/outputs/base.rb:63:in initialize'“,”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/output_delegator_strategies/shared.rb: 3:在initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/output_delegator.rb:24:in initialize'“,”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/plugins/plugin_factory.rb:85:in {{1插件'“,”(eval):252:在plugin'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:112:in eval'“,”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline .rb:84:在<eval>'", "org/jruby/RubyKernel.java:994:in initialize'“,”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline_action/create.rb:40:in “initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:169:in阻止在converge_state'”,“D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash /agent.rb:141:in execute'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:315:in块在converge_state'“,”org / jruby / RubyArray.java:1734:in with_pipelines'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:312:in converge_state'“,”D:/ElasticSearch/logstash-6.2。 4 / logstash-6.2.4 / logstash -core / lib / logstash / agent.rb:166:in each'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:299:in with_pipelines'“,”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/ logstash-core / lib / logstash / agent.rb:164:在block in converge_state_and_update'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:141:in执行'“,”D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/ runner.rb:348:在converge_state_and_update'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:90:in块中初始化'“]}

设置(嵌入式,主机,端口,协议)是conf文件中提供的默认设置。正如我所提到的,这是我第一次使用logstash。任何帮助确定配置有什么问题都将受到赞赏。

http://localhost:9200会返回elasticsearch的成功回复。

谢谢!

0 个答案:

没有答案