我正在使用Logstash 6.7版。有我的logstash.config内容:
input{
beats{
port => "5044"
}
}
filter {
if "logFromRemote" in [tags] {
xml {
source => "message"
store_xml => "false"
xpath => ["/LogEntry/ID/text()", "id"]
xpath => ["/LogEntry/Timestamp/text()", "timestamp"]
xpath => ["/LogEntry/LogLevel/text()", "logLevel"]
xpath => ["/LogEntry/Message/text()", "msg"]
xpath => ["/LogEntry/Exception/text()", "exception"]
}
}
}
output{
elasticsearch{
hosts => ["localhost:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}
logstash成功从我的filebeat接收消息,但是忽略了我的配置。 XML解析器无法正常工作,所有数据都转到filebeat- {date}索引,而是转到filebeat- {version}-{date}中,如我在配置中所述。
还有文件“ beats.config”。我试图在其中放置相同的配置,但没有成功。