Logstash is not picking up file input. I have tried all the available options as well as the answers to other questions. Conf file and logs are attached.
Tried:
start_position => beginning
sincedb_path => "D:\ELK\d.d1"
ignore_older => 0
Config file:
input {
  file {
    path => "D:\ELK\inlog.log"
    start_position => beginning
    sincedb_path => "D:\ELK\d.d1"
    ignore_older => 0
  }
}
output {
  file {
    path => "D:\ELK\outlog.log"
  }
}
Logs:
Sending Logstash logs to D:/ELK/logstash-6.5.4/logstash-6.5.4/logs which is now configured via log4j2.properties
[2019-04-30T18:21:21,370][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-04-30T18:21:21,401][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.4"}
[2019-04-30T18:21:24,666][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2019-04-30T18:21:25,104][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x6f6c3c0b run>"}
[2019-04-30T18:21:25,151][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-04-30T18:21:25,166][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2019-04-30T18:21:25,470][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
Input file:
this is testing of me
this is testing of me
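No output file is generated. Please help.
Answer 0 (score: 0)
For files, I think you can use Filebeat to watch and read the files, and then send the output to Logstash. Here is an example of a Filebeat yml configuration.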
filebeat.prospectors:
- type: log
  _type: applogs
  tags: ['applogs']
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  multiline.max_lines: 100
  scan.order: desc
  scan.sort: modtime
  scan_frequency: 10s
  backoff: 10s
  close_inactive: 10m
  #clean_inactive removes the state of a file after the specified period of inactivity has elapsed.
  #clean_inactive setting must be greater than ignore_older + scan_frequency
  #ignore_older: 72h
  #clean_inactive: 80h
  paths:
    - C:\logs\logserver\production\app\*\*.txt
    - C:\logs\logserver\production\app\AlertMessage\debug_XXX*.txt
- type: log
  _type: IIS
  tags: ['IIS']
  scan.order: desc
  scan.sort: modtime
  scan_frequency: 10s
  close_inactive: 10m
  #Enable for Production
  #ignore_older: 72h
  #clean_inactive needs ignore_older to be enabled, so enable both together
  #clean_inactive: 80h
  paths:
    - C:\logs\IISLogs\W3SVC1\*.log
#----------------------------- Logstash output --------------------------------
output.logstash:
  # Boolean flag to enable or disable the output module.
  enabled: true
  hosts: ["127.0.0.1:5044"]
  # Number of workers per Logstash host.
  worker: 2
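
The Filebeat configuration above only covers the shipping side. The receiving Logstash pipeline could look like the following; this is an added example, not part of the original answer, and the output file names under D:/ELK are assumptions.

```logstash
# Added example (not from the original answer): Logstash 6.x pipeline that
# receives what the Filebeat config above sends to 127.0.0.1:5044.
input {
  beats {
    # Filebeat runs on the same machine (hosts: ["127.0.0.1:5044"]), so
    # listen on loopback only instead of the plugin default of 0.0.0.0.
    host => "127.0.0.1"
    port => 5044
  }
}

output {
  # Route on the tags set per prospector in the Filebeat config.
  if "applogs" in [tags] {
    # Assumed output path; forward slashes are used for the Windows path.
    file { path => "D:/ELK/applogs-%{+YYYY-MM-dd}.log" }
  } else if "IIS" in [tags] {
    # Assumed output path.
    file { path => "D:/ELK/iis-%{+YYYY-MM-dd}.log" }
  } else {
    # Events with neither tag stay visible instead of being dropped.
    file { path => "D:/ELK/untagged-%{+YYYY-MM-dd}.log" }
  }
}
```

Binding the beats input to 127.0.0.1 keeps port 5044 unreachable from other hosts; if Filebeat later moves to a different machine, the listener has to be opened deliberately and protected with TLS.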