我的logstash配置可以使用6.5.1版本,但是不能使用6.5.3
input {
file {
path => "D:\gitProjects\my\sources\my.log"
codec => "json"
type => "my"
}
}
output {
if [type]=="my" {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "my-%{+YYYY.MM.dd}"
}
}
}
1)我开始elasticksearch并打开http://localhost:9200/_cat/indices?v-我看到空白页
2)我开始kibana并打开http://localhost:5601之后,看到
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 DeLeJPxsR02cAPdCCHsVrg 1 0 4 0 22.6kb 22.6kb
在http://localhost:9200/_cat/indices?v
3)我启动我的应用程序,并在my.log中包含数据
4)我开始Logstash-logstash.bat -f my.conf,它开始成功:
[2018-12-19T14:55:27,550][INFO ][logstash.agent ] Successfully started
Logstash API endpoint {:port=>9600}
但是没有新的索引弹性。我不懂为什么。他要么看不到带有日志的文件,要么无法写入弹性文件,或者我忘记做某事
答案 0 :(得分:1)
以下代码对我有效(Windows)。您可能需要尝试一下
input {
file {
path => "D:/gitProjects/my/sources/my.log" # Use / instead of \
codec => "json"
type => "my"
start_position => "beginning" # Add these two lines to your code
sincedb_path => "NUL"
}
}
output {
if [type]=="my" {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "my-%{+YYYY.MM.dd}"
}
}
}