在运行bin / logstash -f logstash.conf --debug时,它不会在Elasticsearch中创建索引。直到我停止logstash,然后它在ES中创建了一个索引。
如果我添加功能"将会出现问题。 codec =>多线"但它需要使用codec =>多。
有人可以帮我解决Logstash.conf的问题吗?
input {
file {
type => "json-log"
path => "/logfile/*.json"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => 0
codec => multiline {
pattern => "^\["
negate => "true"
what => "previous"
}
}
}
filter {
grok {
match => ["message", "%{GREEDYDATA:msg}"]
overwrite => [ "message" ]
}
json {
source => "msg"
}
}
output {
elasticsearch {
hosts => ["xxxxx.com:9206"]
index => "fpngilog-%{+YYYY-MM-dd}"
#document_type => "hola"
}
stdout { codec => rubydebug }
}