我正在尝试配置新版本的logstash(7.x)
一切工作都已完成,logstash正在运行,我可以在kibana:slight_smile:上看到我的日志。但是映射/解析弹性搜索不起作用:(
以下是新logstash的配置:
我的配置文件:logstash.conf (这可以正常工作,但我猜模板部分配置不正确)。
displayField: 'text'我的elasticsearch-template.json看起来像这样:
input {
kafka {
topics => ["nifi-xxx-fab","nifi-yyy-fab"]
client_id => "logstash-FAB"
group_id => "Logs-FAB"
bootstrap_servers => '10.200.175.xxx:15011,10.200.175.xxx:15012,10.200.xxx.152:15013'
consumer_threads => 3
}
}
filter {
if [type] == "weblogic-xxx" {
date {
match => [ "date", "MMM d, yyyy, H:mm:ss,SSS a" ]
}
}
}
output {
elasticsearch {
hosts => ["elastixxxx:xxxx", "elastixxxx:xxxx", "elastixxxx:xxxx"]
index => "logstash-%{+YYYY.MM.dd}"
**template => "/usr/share/logstash/pipeline/elasticsearch-template.json"**
template_overwrite => "true"
}
}
我的docker logstash .yml配置
{
"index_patterns" : "logstash-*",
"settings" : {
"index" : {
"refresh_interval" : "5s"
}
},
"mappings" : {
"dynamic_templates" : [
{
"message_field" : {
"match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string"
}
}
},
{
"string_fields" : {
"match_mapping_type" : "string",
"mapping" : {
"type" : "string",
"fields" : {
"raw" : {
"type": "string",
"ignore_above" : 256
}
}
}
}
}
]
}
}
因此,当我部署logstash时。我得到以下错误信息:
logstash:
image: docker-virtual.artefact-repo.pole-emploi.intra/logstash/logstash:7.0.1
ports:
- "xxxx:xxxx"
- "xxxx:xxxx"
volumes:
- /nas/donapp/docke/_fsb/swmxor10/oxxx/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
- /nas/donapp/docke/_fsb/swmxor10/oixxx/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
- /nas/donapp/docke/_fsb/swmxor10/oi071/logstash/pipeline/elasticsearch-template.json:/usr/share/logstash/pipeline/elasticsearch-template.json
并且没有模板的东西,它可以工作,所以我很确定错误来自我的elasticsearch-template的配置
我模板的旧配置如下(并且运行良好)
message=>"Expected one of #, input, filter, output at line 1,
谢谢你们的帮助。
致谢