Question

我有以下日志文件，希望将其索引到elasticsearch中。

日志文件内容为：

64.242.88.10 - - [08/Mar/2004:08:29:36 -0800] "GET /twiki/bin/view/TWiki/TWikiCategoryTable HTTP/1.1" 200 3729
219.95.17.51 - - [08/Mar/2004:08:29:57 -0800] "GET / HTTP/1.1" 200 3169
212.92.37.62 - - [08/Mar/2004:08:30:25 -0800] "GET /twiki/bin/view/Main/SpamAssassinDeleting HTTP/1.1" 200 5543
212.92.37.62 - - [08/Mar/2004:08:31:37 -0800] "GET /twiki/bin/view/Main/DCCAndPostFix HTTP/1.1" 200 5253
10.0.0.153 - - [08/Mar/2004:08:32:24 -0800] "GET / HTTP/1.1" 304 -
10.0.0.153 - - [08/Mar/2004:08:32:27 -0800] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 10419

logstash配置文件为：

input {
  file {
    path => "C:/Users/abhijitb/Downloads/apache-access_log/access_log/access_log.log"
    start_position => "beginning"
    sincedb_path => "logger.txt"
  }
}

filter {
 grok {
   match=> {
    "message" => '%{IPORHOST:clientip} - - \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} %{NUMBER:bytes}'
    }
  }

  date {
    match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
  }

  geoip {
    source => "clientip"
  }
}

output {
   stdout { codec => rubydebug { metadata => true } }
   elasticsearch {
     hosts => "http://localhost:9200"
     index => "logstash-logs-1"
  }
}

当我从logstash运行命令

时

logstash -f logstashLogFile.conf

什么都没有发生。.

我使用Test grok模式进行了相同的测试，它显示了所有结果。 Grok Test

Logstash配置不适用于日志文件

0 个答案: