Logs are not pushed from Logstash to Elasticsearch

Time: 2019-12-16 18:00:30

Tags: elasticsearch logstash elk

logstash-config.conf

input {
  file {
    path => ["D:/project/log/samplex.log"]
    sincedb_path => "D:/Project/logstash-7.5.0/data/plugins/inputs/file/null"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.1.8:9200"]
    index => "db"
    #user => "elastic"
    #password => "changeme"
  }
}

Console log

D:\Project\logstash-7.5.0\bin> logstash -f logstash-sample.conf
Thread.exclusive is deprecated, use Thread::Mutex
Sending Logstash logs to D:/Project/logstash-7.5.0/logs which is now configured via log4j2.properties
[2019-12-16T23:26:28,465][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-12-16T23:26:28,580][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.5.0"}
[2019-12-16T23:26:30,143][INFO ][org.reflections.Reflections] Reflections took 32 ms to scan 1 urls, producing 20 keys and 40 values
[2019-12-16T23:26:31,024][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.1.8:9200/]}}
[2019-12-16T23:26:31,201][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://192.168.1.8:9200/"}
[2019-12-16T23:26:31,256][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2019-12-16T23:26:31,264][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2019-12-16T23:26:31,333][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.1.8:9200"]}
[2019-12-16T23:26:31,404][INFO ][logstash.outputs.elasticsearch][main] Using default mapping template
[2019-12-16T23:26:31,439][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been create for key: cluster_uuids. This may result in invalid serialization.  It is recommended to log an issue to the responsible developer/development team.
[2019-12-16T23:26:31,449][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["D:/Project/logstash-7.5.0/bin/logstash-sample.conf"], :thread=>"#"}
[2019-12-16T23:26:31,506][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2019-12-16T23:26:32,041][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2019-12-16T23:26:32,114][INFO ][filewatch.observingtail  ][main] START, creating Discoverer, Watch with file and sincedb collections
[2019-12-16T23:26:32,118][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-12-16T23:26:32,502][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

Logstash does not read the log file mentioned above and just sits idle.

samplex.log

[2019-12-16T22:30:59,310][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.1.8:9200/]}}
[2019-12-16T22:30:59,472][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://192.168.1.8:9200/"}
[2019-12-16T22:30:59,558][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2019-12-16T22:30:59,565][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2019-12-16T22:30:59,653][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.1.8:9200"]}
[2019-12-16T22:30:59,724][INFO ][logstash.outputs.elasticsearch][main] Using default mapping template
dsdasd

1 answer:

Answer 0 (score: 1)

In Windows, I think the file you saved is named sample.log, but internally it is treated as a text file, like "sample.log.txt".

So please try

input {
  file {
    #type => "log"
    path => "D:/Downloads/logstash-6.7.0/bin/samplex.log.txt"
    sincedb_path => "D:/Downloads/logstash-6.7.0/data/plugins/inputs/file/null"
    start_position => "beginning"
    #ignore_older => 0
  }
}

output {
  stdout { codec => "rubydebug" }
  elasticsearch {
    hosts => "http://xx-xx-xx-xx:9200"
    index => "db"
  }
}

If the problem still occurs, try deleting the empty file at sincedb_path and try again.

Please let me know if the problem has been resolved. Hope this helps!!
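A small diagnostic for the two causes the answer points at (the configured path matching no real file because Explorer hides a trailing .txt, and a sincedb that already records the file as read, which makes start_position => "beginning" a no-op for that file). This is an added example, not code from the answer or from Logstash; it assumes the file input plugin's sincedb line layout (inode, major, minor, position, last_active, path) and uses constructed paths and offsets.

```python
"""Diagnose an idle Logstash file input (added example; not code from the post).

Checks the two causes the answer points at: the configured path matches no
real file because Explorer hides a trailing ".txt" (sample.log is really
sample.log.txt), or the sincedb already records the file as fully read, so
start_position => "beginning" is ignored for it.
"""
import fnmatch
import re

# File input plugin sincedb line: "<inode> <major> <minor> <position> [<last_active> <path>]"
# (assumes no spaces in paths). On Windows the inode field is a synthetic identifier.
SINCEDB_LINE = re.compile(r"^(\S+) (\d+) (\d+) (\d+)(?: (\S+) (\S+))?\s*$")


def parse_sincedb(text):
    """Map each tracked file (path when recorded, else inode) to its byte offset."""
    offsets = {}
    for line in text.splitlines():
        m = SINCEDB_LINE.match(line)
        if not m:
            continue  # blank or malformed line; nothing to learn from it
        inode, position, path = m.group(1), int(m.group(4)), m.group(6)
        offsets[path or inode] = position
    return offsets


def diagnose(path_pattern, existing_files, sincedb_text):
    """existing_files maps real path -> size in bytes (what is actually on disk).

    Returns human-readable findings; an empty list means the input should ship."""
    findings = []
    matched = {p: s for p, s in existing_files.items() if fnmatch.fnmatch(p, path_pattern)}
    if not matched:
        hidden = [p for p in existing_files if fnmatch.fnmatch(p, path_pattern + ".txt")]
        if hidden:
            findings.append(f"no file matches {path_pattern!r}, but {hidden[0]!r} exists: "
                            "Explorer is probably hiding a .txt extension")
        else:
            findings.append(f"no file matches {path_pattern!r}")
        return findings
    offsets = parse_sincedb(sincedb_text)
    for path, size in matched.items():
        if size == 0:
            findings.append(f"{path!r} is empty, nothing to ship")
        elif offsets.get(path, 0) >= size:
            findings.append(f"sincedb already holds {path!r} at offset {offsets[path]}; "
                            "start_position => 'beginning' will not re-read it, "
                            "delete the sincedb file to start over")
    return findings


if __name__ == "__main__":
    # Constructed sample: the poster's path, but the file on disk carries a hidden .txt
    print(diagnose("D:/project/log/samplex.log", {"D:/project/log/samplex.log.txt": 1200}, ""))
```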