logstash-config.conf
input {
  file {
    path => ["D:/project/log/samplex.log"]
    sincedb_path => "D:/Project/logstash-7.5.0/data/plugins/inputs/file/null"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.1.8:9200"]
    index => "db"
    #user => "elastic"
    #password => "changeme"
  }
}
Console log
D:\Project\logstash-7.5.0\bin> logstash -f logstash-sample.conf
Thread.exclusive已过时,请使用Thread :: Mutex发送Logstash 日志到D:/Project/logstash-7.5.0/logs,现在通过 log4j2.properties [2019-12-16T23:26:28,465] [警告 ] [logstash.config.source.multilocal]忽略“ pipelines.yml”文件 因为指定了模块或命令行选项
[2019-12-16T23:26:28,580] [INFO] [logstash.runner]启动Logstash
{“ logstash.version” =>“ 7.5.0”} [2019-12-16T23:26:30,143] [INFO ] [org.reflections.Reflections]反射用了32毫秒来扫描1个网址, 产生20个键和40个值[2019-12-16T23:26:31,024] [INFO ] [logstash.outputs.elasticsearch] [main] Elasticsearch池URL 更新了{:changes => {:removed => [],:added => [http://192.168.1.8:9200/]}} [2019-12-16T23:26:31,201] [WARN] [logstash.outputs.elasticsearch] [main] 已恢复与ES实例{:url =>“ http://192.168.1.8:9200/”}的连接 [2019-12-16T23:26:31,256] [INFO] [logstash.outputs.elasticsearch] [main] 确定ES输出版本{:es_version => 7} [2019-12-16T23:26:31,264] [WARN] [logstash.outputs.elasticsearch] [main] 检测到6.x及更高版本的群集:type
事件字段将不被使用 确定文档_type {:es_version => 7} [2019-12-16T23:26:31,333] [INFO] [logstash.outputs.elasticsearch] [main] 新的Elasticsearch输出{:class =>“ LogStash :: Outputs :: ElasticSearch”, :hosts => [“ // 192.168.1.8:9200”]} [2019-12-16T23:26:31,404] [INFO ] [logstash.outputs.elasticsearch] [main]使用默认映射模板 [2019-12-16T23:26:31,439] [警告 ] [org.logstash.instrument.metrics.gauge.LazyDelegatingGauge] [main] A 未知类型的量规 (org.jruby.specialized.RubyArrayOneObject)已为密钥创建: cluster_uuids。这可能会导致无效的序列化。它是 建议将问题记录到负责的开发人员/开发人员 球队。 [2019-12-16T23:26:31,449] [INFO] [logstash.javapipeline
] [main]启动管道{:pipeline_id =>“ main”, “ pipeline.workers” => 8,“ pipeline.batch.size” => 125, “ pipeline.batch.delay” => 50,“ pipeline.max_inflight” => 1000, “ pipeline.sources” => [“ D:/Project/logstash-7.5.0/bin/logstash-sample.conf”], :thread =>“#”} [2019-12-16T23:26:31,506] [INFO ] [logstash.outputs.elasticsearch] [main]尝试安装模板 {:manage_template => {“ index_patterns” =>“ logstash- ”,“ version” => 60001, “ settings” => {“ index.refresh_interval” =>“ 5s”,“ number_of_shards” => 1}, “ mappings” => {“ dynamic_templates” => [{“ message_field” => {“ path_match” =>“ message”, “ match_mapping_type” =>“字符串”,“ mapping” => {“ type” =>“文本”, “ norms” => false}}},{“ string_fields” => {“ match” =>“ ”, “ match_mapping_type” =>“字符串”,“ mapping” => {“ type” =>“文本”, “规范” => false,“字段” => {“关键字” => {“类型” =>“关键字”, “ ignore_above” => 256}}}}}], “ properties” => {“ @ timestamp” => {“ type” =>“ date”}, “ @version” => {“ type” =>“关键字”},“ geoip” => {“ dynamic” => true, “ properties” => {“ ip” => {“ type” =>“ ip”}, “ location” => {“ type” =>“ geo_point”},“纬度” => {“ type” =>“ half_float”}, “经度” => {“ type” =>“ half_float”}}}}}}} [2019-12-16T23:26:32,041] [INFO] [logstash.javapipeline] [main] 管道已启动{“ pipeline.id” =>“ main”} [2019-12-16T23:26:32,114] [INFO] [filewatch.observingtail] [main] 开始,创建Discoverer,使用文件和Sincedb集合进行监视 [2019-12-16T23:26:32,118] [INFO] [logstash.agent]管道 正在运行{:count => 1,:running_pipelines => [:main], :non_running_pipelines => []} [2019-12-16T23:26:32,502] [INFO ] [logstash.agent]成功启动Logstash API 端点{:port => 9600}
Logstash does not read the mentioned log file and sits idle.
samplex.log
[2019-12-16T22:30:59,310] [INFO] [logstash.outputs.elasticsearch] [main] Elasticsearch池URL已更新{:changes => {:removed => [], :added => [http://192.168.1.8:9200/]}} [2019-12-16T22:30:59,472] [WARN ] [logstash.outputs.elasticsearch] [main]恢复与ES的连接 实例{:url =>“ http://192.168.1.8:9200/”} [2019-12-16T22:30:59,558] [INFO] [logstash.outputs.elasticsearch] [main] 确定ES输出版本{:es_version => 7} [2019-12-16T22:30:59,565] [WARN] [logstash.outputs.elasticsearch] [main] 检测到6.x及更高版本的群集:
type
事件字段将不被使用 确定文档_type {:es_version => 7} [2019-12-16T22:30:59,653] [INFO] [logstash.outputs.elasticsearch] [main] 新的Elasticsearch输出{:class =>“ LogStash :: Outputs :: ElasticSearch”, :hosts => [“ // 192.168.1.8:9200”]} [2019-12-16T22:30:59,724] [信息 ] [logstash.outputs.elasticsearch] [main]使用默认映射模板 dsdasd
Answer 0: (score: 1)
On Windows, I think you saved the file with the name sample.log, but internally it is treated as a text file, like "sample.log.txt".
So please try
input {
  file {
    #type => "log"
    path => "D:/Downloads/logstash-6.7.0/bin/samplex.log.txt"
    sincedb_path => "D:/Downloads/logstash-6.7.0/data/plugins/inputs/file/null"
    start_position => "beginning"
    #ignore_older => 0
  }
}
output {
  stdout { codec => "rubydebug" }
  elasticsearch {
    hosts => "http://xx-xx-xx-xx:9200"
    index => "db"
  }
}
If the problem still occurs, try deleting the null file in sincedb_path and then try again.
Let me know if the problem is resolved. Hope this helps!
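
A check for the two causes raised in this answer (a hidden .txt extension on the log file and a leftover sincedb file), as an added example that is not part of the original answer. The helper names file_input_settings and diagnose are hypothetical, the config is read with a simple line regex rather than a full Logstash parser, and the sample files are constructed in a temporary directory.

```python
import glob
import os
import re
import tempfile

def file_input_settings(conf_text):
    """Collect quoted path / sincedb_path values (line regex, not a real parser)."""
    settings = {}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(path|sincedb_path)\s*=>\s*(.+)', line)
        if m:  # commented-out lines start with '#' and never match
            settings.setdefault(m.group(1), []).extend(re.findall(r'"([^"]*)"', m.group(2)))
    return settings

def diagnose(conf_text):
    """Return findings that explain why the file input may sit idle."""
    findings = []
    settings = file_input_settings(conf_text)
    for path in settings.get("path", []):
        if glob.glob(path):  # path may be a glob pattern, as in Logstash
            continue
        # Explorer hides known extensions: samplex.log may really be samplex.log.txt
        lookalikes = sorted(glob.glob(path + ".*"))
        hint = f"; found instead: {lookalikes}" if lookalikes else ""
        findings.append(f"missing: {path}{hint}")
    for sdb in settings.get("sincedb_path", []):
        # Offsets recorded here win over start_position => "beginning"
        if os.path.isfile(sdb) and os.path.getsize(sdb) > 0:
            findings.append(f"stale sincedb: {sdb}")
    return findings

if __name__ == "__main__":
    # Constructed sample: the log was saved as samplex.log.txt and a sincedb
    # file named "null" is left over from an earlier run.
    d = tempfile.mkdtemp().replace("\\", "/")
    with open(d + "/samplex.log.txt", "w") as f:
        f.write("[2019-12-16T22:30:59,310] sample line\n")
    with open(d + "/null", "w") as f:
        f.write("0 0 0 38\n")
    conf = f'input {{\n file {{\n path => ["{d}/samplex.log"]\n' \
           f' sincedb_path => "{d}/null"\n start_position => "beginning"\n }}\n}}\n'
    for finding in diagnose(conf):
        print(finding)
```

An empty result means the configured path matches at least one file and no populated sincedb file is holding an old read offset.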