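We recently ran into a problem when our ES cluster had a failure. The problem was resolved, but after the failure Filebeat could not send new data.
Here is part of the log - it seems to retry, but fails to send the data: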
2019-04-08T11:52:04.182+0300 INFO elasticsearch/client.go:690 Connected to Elasticsearch version 6.4.0
2019-04-08T11:52:04.185+0300 INFO template/load.go:73 Template already exists and will not be overwritten.
2019-04-08T11:52:04.185+0300 INFO [publish] pipeline/retry.go:172 retryer: send unwait-signal to consumer
2019-04-08T11:52:04.185+0300 INFO [publish] pipeline/retry.go:174 done
2019-04-08T11:52:59.058+0300 INFO [publish] pipeline/retry.go:149 retryer: send wait signal to consumer
2019-04-08T11:52:59.058+0300 INFO [publish] pipeline/retry.go:151 done
2019-04-08T11:53:00.065+0300 ERROR pipeline/output.go:92 Failed to publish events: temporary bulk send failure
2019-04-08T11:53:00.065+0300 INFO [publish] pipeline/retry.go:172 retryer: send unwait-signal to consumer
2019-04-08T11:53:00.065+0300 INFO [publish] pipeline/retry.go:174 done
2019-04-08T11:53:00.065+0300 INFO [publish] pipeline/retry.go:149 retryer: send wait signal to consumer
2019-04-08T11:53:00.065+0300 INFO [publish] pipeline/retry.go:151 done
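I restarted the Filebeat service and all the data was sent to ES without any problems.
Is this a known issue? The Filebeat version is quite old, should I update?
I'm running Filebeat 6.3.0 as a service on Windows. The Elasticsearch version is 6.4.0.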
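A shipper that stays up but stops publishing leaves a silent gap in collected logs, so the state shown in the excerpt above is worth alerting on. The following is an added example, not part of the original question and not Filebeat's own code: it parses lines in the layout shown above and reports whether the output looks stalled. The function names and the "stalled" heuristic are assumptions.

```python
import re
from datetime import datetime

# Layout of the Filebeat 6.x lines in the question:
# <timestamp> <LEVEL> [optional selector] <file.go:line> <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+(?:\[(?P<sel>[^\]]+)\]\s+)?"
    r"(?P<src>\S+\.go:\d+)\s+(?P<msg>.*)$")

# Log excerpt taken from the question above (abridged).
SAMPLE = """\
2019-04-08T11:52:04.182+0300 INFO elasticsearch/client.go:690 Connected to Elasticsearch version 6.4.0
2019-04-08T11:52:04.185+0300 INFO [publish] pipeline/retry.go:172 retryer: send unwait-signal to consumer
2019-04-08T11:52:59.058+0300 INFO [publish] pipeline/retry.go:149 retryer: send wait signal to consumer
2019-04-08T11:53:00.065+0300 ERROR pipeline/output.go:92 Failed to publish events: temporary bulk send failure
2019-04-08T11:53:00.065+0300 INFO [publish] pipeline/retry.go:172 retryer: send unwait-signal to consumer
2019-04-08T11:53:00.065+0300 INFO [publish] pipeline/retry.go:149 retryer: send wait signal to consumer
"""

def parse_line(line):
    """Split one log line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%f%z")
    return rec

def publish_state(lines):
    """Summarise what the log says about the Elasticsearch output."""
    state = {"connected_at": None, "failures": 0, "last_failure": None, "waiting": False}
    for rec in filter(None, map(parse_line, lines)):
        msg = rec["msg"]
        if msg.startswith("Connected to Elasticsearch"):
            state["connected_at"], state["failures"] = rec["ts"], 0
        elif rec["level"] == "ERROR" and msg.startswith("Failed to publish events"):
            state["failures"] += 1
            state["last_failure"] = rec["ts"]
        elif msg.startswith("retryer: send wait signal"):
            state["waiting"] = True
        elif msg.startswith("retryer: send unwait-signal"):
            state["waiting"] = False
    # Assumed heuristic: publish errors after the latest successful connect,
    # with the retryer still holding the consumer, means events are not flowing.
    state["stalled"] = state["waiting"] and state["failures"] > 0
    return state

if __name__ == "__main__":
    s = publish_state(SAMPLE.splitlines())
    print("stalled:", s["stalled"], "failures since connect:", s["failures"],
          "last failure:", s["last_failure"])
```

Run it periodically over the tail of the Filebeat log and alert when `stalled` stays true across several checks, since a single failed bulk request that later succeeds is normal.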
Answer 0 (score: 0)
Please show your profile.
I ran into this error before because I did not write the protocol.
Below is a correct configuration file:
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/dmesg
    - /var/log/syslog
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["http://192.168.13.173:30014"]
Documentation: https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html