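Logstash 6.2.4, ElasticSearch 6.2.4. This is my first time using these tools. I am trying to get IIS logs into elasticsearch following this example: Importing iis logs into elasticsearch using logstash
Running a standalone test with the following command: .\logstash.bat agent -f ..\conf results in these errors: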
[2018-06-01T08:45:58,830][INFO][logstash.runner] Starting Logstash {"logstash.version"=>"6.2.4"}
[2018-06-01T08:45:59,604][INFO][logstash.agent] Successfully started Logstash API endpoint {:port=>9600}
[2018-06-01T08:46:03,260][ERROR][logstash.outputs.elasticsearch] Unknown setting 'embedded' for elasticsearch
[2018-06-01T08:46:03,261][ERROR][logstash.outputs.elasticsearch] Unknown setting 'host' for elasticsearch
[2018-06-01T08:46:03,262][ERROR][logstash.outputs.elasticsearch] Unknown setting 'port' for elasticsearch
[2018-06-01T08:46:03,263][ERROR][logstash.outputs.elasticsearch] Unknown setting 'protocol' for elasticsearch
[2018-06-01T08:46:03,277][ERROR][logstash.agent] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration."
[2018-06-01T08:46:03,277][ERROR][logstash.agent] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration.", :backtrace=>["D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/config/mixin.rb:89:in `config_init'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/outputs/base.rb:63:in `initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:3:in `initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/output_delegator.rb:24:in `initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/plugins/plugin_factory.rb:85:in `plugin'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:112:in `plugin'", "(eval):252:in `<eval>'", "org/jruby/RubyKernel.java:994:in `eval'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:84:in `initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:169:in `initialize'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline_action/create.rb:40:in `execute'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:315:in `block in converge_state'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:312:in `block in converge_state'", "org/jruby/RubyArray.java:1734:in `each'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:299:in `converge_state'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:166:in `block in converge_state_and_update'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:164:in `converge_state_and_update'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:90:in `execute'", "D:/ElasticSearch/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/runner.rb:348:in `block in execute'", "…:in `block in initialize'"]}
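The settings (embedded, host, port, protocol) are the default settings provided in the conf file. As I mentioned, this is my first time using logstash. Any help in determining what is wrong with the configuration would be appreciated.
http://localhost:9200 returns a successful response from elasticsearch.
Thanks!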