2014-12-04 126 views
1

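Would you be kind enough to help me with the following problem: what does the following mean? It looks like it cannot connect to the local Elasticsearch node. But why? logstash + elasticsearch | error?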

logstash]# bin/logstash -f logstash_exabgp.cfg --debug --verbose 
Using milestone 2 input plugin 'file'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn} 
Registering file input {:path=>["/var/log/messages"], :level=>:info} 
No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_452905a167cf4509fd08acb964fdb20c", :path=>["/var/log/messages"], :level=>:info} 
Grok patterns path {:patterns_dir=>["/opt/logstash/patterns/*"], :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/firewalls", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/grok-patterns", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/haproxy", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/java", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/junos", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/linux-syslog", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/mcollective", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/mcollective-patterns", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/mongodb", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/nagios", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/postgresql", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/redis", :level=>:info} 
Grok loading patterns from file {:path=>"/opt/logstash/patterns/ruby", :level=>:info} 
Match data {:match=>{"message"=>"%{SYSLOGTIMESTAMP:timestamp}%{GREEDYDATA}ExaBGP:%{SPACE}%{GREEDYDATA:msg}"}, :level=>:info} 
Grok compile {:field=>"message", :patterns=>["%{SYSLOGTIMESTAMP:timestamp}%{GREEDYDATA}ExaBGP:%{SPACE}%{GREEDYDATA:msg}"], :level=>:info} 
Pipeline started {:level=>:info} 
New Elasticsearch output {:cluster=>nil, :host=>"127.0.0.1", :port=>"9200", :embedded=>false, :protocol=>"http", :level=>:info} 
Automatic template management enabled {:manage_template=>"true", :level=>:info} 
Using mapping template {:template=>"{ \"template\" : \"logstash-*\", \"settings\" : { \"index.refresh_interval\" : \"5s\" }, \"mappings\" : { \"_default_\" : {  \"_all\" : {\"enabled\" : true},  \"dynamic_templates\" : [ {   \"string_fields\" : {   \"match\" : \"*\",   \"match_mapping_type\" : \"string\",   \"mapping\" : {    \"type\" : \"string\", \"index\" : \"analyzed\", \"omit_norms\" : true,    \"fields\" : {     \"raw\" : {\"type\": \"string\", \"index\" : \"not_analyzed\", \"ignore_above\" : 256}    }   }   }  } ],  \"properties\" : {   \"@version\": { \"type\": \"string\", \"index\": \"not_analyzed\" },   \"geoip\" : {   \"type\" : \"object\",    \"dynamic\": true,    \"path\": \"full\",    \"properties\" : {    \"location\" : { \"type\" : \"geo_point\" }    }   }  } } }}", :level=>:info} 
NoMethodError: undefined method `tv_sec' for nil:NilClass 
     sprintf at /opt/logstash/lib/logstash/event.rb:230 
      gsub at org/jruby/RubyString.java:3041 
     sprintf at /opt/logstash/lib/logstash/event.rb:216 
     receive at /opt/logstash/lib/logstash/outputs/elasticsearch.rb:308 
     handle at /opt/logstash/lib/logstash/outputs/base.rb:86 
    initialize at (eval):72 
      call at org/jruby/RubyProc.java:271 
     output at /opt/logstash/lib/logstash/pipeline.rb:266 
    outputworker at /opt/logstash/lib/logstash/pipeline.rb:225 
    start_outputs at /opt/logstash/lib/logstash/pipeline.rb:152 

And the configuration file is as follows:

logstash]# cat logstash_exabgp.cfg 
input { 
    file { 
     path => ["/var/log/messages"] 
    } 
} 
filter { 
    if [message] !~ /ExaBGP/ { 
      drop { } 
    } 
    grok { 
     match => [ "message", "%{SYSLOGTIMESTAMP:timestamp}%{GREEDYDATA}ExaBGP:%{SPACE}%{GREEDYDATA:msg}"] 
     remove_field => [ "message", "host", "path", "@timestamp", "@version" ] 
    } 
    date { 
     match => ["logdate", "MMM dd HH:mm:ss"] 
    } 
} 
output { 
# file { 
#  path => "NIKOS.txt" 
# } 
# stdout { codec => rubydebug } 
    elasticsearch { 
     host => "127.0.0.1" 
     protocol => http  
    } 
} 

Answers

0

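I guess this is your first time running logstash. The problem here is that logstash cannot find information about the file you are referring to.

Use the following code and try providing the absolute path of the file to be parsed.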

file {
    path => ["/var/log/messages"]
    start_position => "beginning"
}

+0

Yes. It is the first time running logstash. No, this is not the reason. Removing the grok filter works. The solution has to do with the filter. Any ideas? – iamsterdam 2014-12-04 21:59:41

+0

if [message] !~ /ExaBGP/ what are you binding with this condition? – MUFC 2014-12-04 22:03:54

+0

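There is a process that writes to syslog using the facility ExaBGP. I am only interested in the messages generated by this facility. That part is fine too. It is the part after that which is problematic. – iamsterdam 2014-12-04 22:07:32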

1

Any @-prefixed field is used internally by logstash; removing them tends to cause errors.
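
Added example, not part of the original answers: the question's configuration with the change this answer points to. The stack trace passes through sprintf in the elasticsearch output, which formats the default daily index name from the event's @timestamp, so the version below stops removing the @-prefixed fields and points the date filter at the timestamp field that grok actually captures. The two date patterns are an assumption about the syslog time format in /var/log/messages.

```conf
filter {
    if [message] !~ /ExaBGP/ {
        drop { }
    }
    grok {
        match => [ "message", "%{SYSLOGTIMESTAMP:timestamp}%{GREEDYDATA}ExaBGP:%{SPACE}%{GREEDYDATA:msg}" ]
        # Before: remove_field => [ "message", "host", "path", "@timestamp", "@version" ]
        # After: drop only the ordinary fields; @timestamp and @version stay on the event.
        remove_field => [ "message", "host", "path" ]
    }
    date {
        # Before: match => ["logdate", ...], but grok stores the syslog time in
        # "timestamp", so the date filter had no field to parse.
        # Two patterns (assumed format): syslog pads single-digit days with a space.
        match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
}
output {
    # Uncomment while testing to inspect each event before it is indexed:
    # stdout { codec => rubydebug }
    elasticsearch {
        host => "127.0.0.1"
        protocol => http
    }
}
```

With the rubydebug output enabled, each event should show @timestamp set to the time parsed from the syslog line rather than the time logstash read it.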

1

I had this problem too, so I removed file from the input and used:

input {
    stdin {
    }
}
. . .

And you have to run logstash this way:

bin/logstash --config /home/logstash/conf/ex.conf </home/var/log/messages

Because the file input no longer works.