2013-06-21 78 views
3

logstash org.elasticsearch.discovery.MasterNotDiscoveredException error

I have installed logstash 1.1.13 with elasticsearch-0.20.6, with the following configuration in logstash.conf:

input {
    tcp {
        port => 524
        type => rsyslog
    }
    udp {
        port => 524
        type => rsyslog
    }
}
filter {
    grok {
        type => "rsyslog"
        pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
        add_field => [ "received_at", "%{@timestamp}" ]
        add_field => [ "received_from", "%{@source_host}" ]
    }
    syslog_pri {
        type => "rsyslog"
    }
    date {
        type => "rsyslog"
        syslog_timestamp => [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
    mutate {
        type => "rsyslog"
        exclude_tags => "_grokparsefailure"
        replace => [ "@source_host", "%{syslog_hostname}" ]
        replace => [ "@message", "%{syslog_message}" ]
    }
    mutate {
        type => "rsyslog"
        remove => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
    }
}

output {
    elasticsearch {
        host => "127.0.0.1"
        port => 9300
        node_name => "sysloG33r-1"
        bind_host => "localhost"
    }
}

elasticsearch.yml

cluster:
    name: syslogcluster
node:
    name: "sysloG33r-1"
path:   # data and logs must sit under a single path: key; a YAML mapping may not repeat a key, and a parser that accepts it keeps only the last block
    data: /var/lib/elasticsearch
    logs: /var/log/elasticsearch
network:
    host: "0.0.0.0"

and started logstash with the command

[[email protected] elasticsearch]# java -jar /usr/local/bin/logstash/bin/logstash.jar agent -f /etc/logstash/logstash.conf 
Using experimental plugin 'syslog_pri'. This plugin is untested and may change in the future. For more information about plugin statuses, see http://logstash.net/docs/1.1.13/plugin-status {:level=>:warn} 
date: You used a deprecated setting 'syslog_timestamp => ["MMM d HH:mm:ss", "MMM dd HH:mm:ss"]'. You should use 'match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]' {:level=>:warn} 
PORT SETTINGS 127.0.0.1:9300 
log4j, [2013-06-21T14:40:08.013] WARN: org.elasticsearch.discovery: [sysloG33r-1] waited for 30s and no initial state was set by the discovery 
Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], :event=>{"@source"=>"tcp://10.66.59.35:34662/", "@tags"=>[], "@fields"=>{"syslog_pri"=>["78"], "syslog_program"=>["crond"], "syslog_pid"=>["6511"], "received_at"=>["2013-06-21T13:40:01.845Z"], "received_from"=>["10.66.59.35"], "syslog_severity_code"=>6, "syslog_facility_code"=>9, "syslog_facility"=>"clock", "syslog_severity"=>"informational"}, "@timestamp"=>"2013-06-21T12:40:01.000Z", "@source_host"=>"kent", "@source_path"=>"/", "@message"=>"(root) CMD (/opt/bin/firewall-state.sh)", "@type"=>"rsyslog"}, :level=>:warn} 

and elasticsearch with

/usr/local/bin/elasticsearch start 

I can see all the elasticsearch (9200, 9300) and logstash (524) ports

tcp  0  0 :::524      :::*      LISTEN  12557/java   
tcp  0  0 :::9200      :::*      LISTEN  10782/java   
tcp  0  0 :::9300      :::*      LISTEN  10782/java   
tcp  0  0 ::ffff:127.0.0.1:9301  :::*      LISTEN  12557/java   
udp  0  0 :::524      :::*         12557/java   
udp  0  0 :::54328     :::*         10782/java 

listening on the correct Java interfaces, but I see this error from logstash. Any ideas?

Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], :event=>{"@source"=>"tcp://10.66.59.35:33598/", "@tags"=>[], "@fields"=>{"syslog_pri"=>["78"], "syslog_program"=>["crond"], "syslog_pid"=>["12983"], "received_at"=>["2013-06-21T12:07:01.541Z"], "received_from"=>["10.66.59.35"], "syslog_severity_code"=>6, "syslog_facility_code"=>9, "syslog_facility"=>"clock", "syslog_severity"=>"informational"}, "@timestamp"=>"2013-06-21T11:07:01.000Z", "@source_host"=>"kent", "@source_path"=>"/", "@message"=>"(root) CMD (/opt/bin/firewall-state.sh)", "@type"=>"rsyslog"}, :level=>:warn} 
+0

Not sure if I'm missing something - ES exposes HTTP endpoints, but your mapping seems to be using TCP on 9200, 9300? –

+0

Can you make the logstash config go to the default ES port? I have a config very similar to yours and I didn't assign the ports explicitly. – Adam

Answers

8

I'm going to assume you've already checked the obvious things, like "Is ElasticSearch running?" and "Can I open a TCP connection to port 9300 on localhost?"

Even though you're using the host parameter in the elasticsearch output, what is probably happening is that the ElasticSearch client inside Logstash is trying to discover the cluster members via multicast (which is how a fresh install is normally configured by default) and failing. This is common on EC2 and in many other environments where the firewall configuration can interfere with multicast discovery. If this is the only member of the cluster, setting the following in your elasticsearch.yml should do the trick:

discovery:
    zen:
        ping:
            multicast:
                enabled: false
            unicast:
                hosts: <your_ip>[9300-9400]

On AWS, there is also an EC2 discovery plugin that will clear this up for you.

By the way, this question really belongs on Server Fault rather than Stack Overflow.

+0

I have made these changes to my elasticsearch.yml file: 'discovery.zen.ping.multicast.enabled: false discovery.zen.ping.unicast.hosts: ["127.0.0.1"]' but I still see this message: 'Exception in thread "elasticsearch[Proudstar, John][generic][T#5]" org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [30s]'. I want to clean up the warnings and errors as I try to work towards a stable logstash instance. Should I be concerned about these warnings? Can I clean them up? – harperville

1

I had a similar problem, and it came from my IP configuration. In short, check that you have only one IP address on the logstash host. If not, it can pick the wrong one.

The same answer was posted here: Logstash with Elasticsearch

0

I ran into the same kind of problem and fixed it by adding the cluster option to the elasticsearch output in the logstash config. Since you have changed the cluster name in elasticsearch.yml, the logstash client will not be able to find the cluster using the default.

Try doing this as well
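The two settings the first and third answers point at (multicast-only discovery, and a cluster.name the logstash client is never told about) are both visible in the files the question posted, as is the duplicated path: key in the elasticsearch.yml. The following checker, an added example written for this page and not code from logstash or elasticsearch, flattens the subset of YAML that elasticsearch.yml uses (nested block mappings or dotted keys; lists, anchors and multi-line scalars are out of scope), pulls the key => value pairs out of the logstash elasticsearch output block, and reports the mismatches. The sample configs are reconstructed from the question and the comments; the assumed defaults (cluster name "elasticsearch" on both sides, multicast enabled) are marked in the code.

```python
"""Offline checker for the misconfigurations this thread blames for
MasterNotDiscoveredException. Added example for this page; not logstash or
elasticsearch code. Sample inputs are constructed from the posted configs."""
import re

LOGSTASH_DEFAULT_CLUSTER = "elasticsearch"  # assumption: logstash 1.1.x default for cluster =>
ES_DEFAULT_CLUSTER = "elasticsearch"        # elasticsearch default cluster.name


def flatten_yaml(text):
    """Flatten elasticsearch.yml-style YAML (block mappings with scalar leaves,
    or dotted keys) into {"a.b.c": "value"}.  Not a general YAML parser:
    no lists, anchors or multi-line scalars (assumption for this example).
    Returns (settings, duplicated_keys)."""
    settings, duplicates, stack = {}, [], []   # stack holds (indent, dotted prefix)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = (stack[-1][1] + "." if stack else "") + key.strip()
        value = value.strip().strip("\"'")
        if value:
            if path in settings:
                duplicates.append(path)
            settings[path] = value
        else:
            # a mapping key that already has children is opened a second time;
            # YAML requires unique keys and parsers that accept this keep only the last block
            if any(p.startswith(path + ".") for p in settings):
                duplicates.append(path)
            stack.append((indent, path))
    return settings, duplicates


def parse_es_output(conf):
    """Extract key => value pairs from the elasticsearch { ... } output block."""
    block = re.search(r"elasticsearch\s*\{(.*?)\}", conf, re.S)
    body = block.group(1) if block else ""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)\s*=>\s*("[^"]*"|[^\s}]+)', body)}


def diagnose(es_yml, logstash_conf):
    """Return a list of (code, detail) findings; an empty list means nothing suspicious."""
    settings, duplicates = flatten_yaml(es_yml)
    out = parse_es_output(logstash_conf)
    findings = []
    for key in duplicates:
        findings.append(("DUPLICATE_KEY",
                         "%r appears twice in elasticsearch.yml; the first block is shadowed" % key))
    es_cluster = settings.get("cluster.name", ES_DEFAULT_CLUSTER)
    ls_cluster = out.get("cluster", LOGSTASH_DEFAULT_CLUSTER)
    if es_cluster != ls_cluster:
        findings.append(("CLUSTER_MISMATCH",
                         "elasticsearch.yml cluster.name is %r but logstash will look for %r; "
                         "add cluster => \"%s\" to the output" % (es_cluster, ls_cluster, es_cluster)))
    multicast_on = settings.get("discovery.zen.ping.multicast.enabled", "true").lower() != "false"
    unicast_hosts = settings.get("discovery.zen.ping.unicast.hosts", "")
    if multicast_on and not unicast_hosts:
        findings.append(("MULTICAST_ONLY",
                         "discovery relies on multicast; where it is blocked, set "
                         "discovery.zen.ping.multicast.enabled: false and list unicast hosts"))
    return findings


# Constructed from the question: the poster's elasticsearch.yml and output block.
QUESTION_YML = """\
cluster:
    name: syslogcluster
node:
    name: "sysloG33r-1"
path:
    data: /var/lib/elasticsearch
path:
    logs: /var/log/elasticsearch
network:
    host: "0.0.0.0"
"""
QUESTION_OUTPUT = """\
output {
  elasticsearch {
    host => "127.0.0.1"
    port => 9300
    node_name => "sysloG33r-1"
    bind_host => "localhost"
  }
}
"""
# The same pair with the fixes from the answers applied, in dotted-key form.
FIXED_YML = """\
cluster.name: syslogcluster
node.name: "sysloG33r-1"
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: "0.0.0.0"
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["127.0.0.1"]
"""
FIXED_OUTPUT = QUESTION_OUTPUT.replace('host => "127.0.0.1"',
                                       'host => "127.0.0.1"\n    cluster => "syslogcluster"')

if __name__ == "__main__":
    for label, yml, conf in (("question", QUESTION_YML, QUESTION_OUTPUT),
                             ("fixed", FIXED_YML, FIXED_OUTPUT)):
        print(label)
        for code, detail in diagnose(yml, conf) or [("OK", "no findings")]:
            print("  %s: %s" % (code, detail))
```

Run against the posted files it reports the duplicated path: key, the syslogcluster/elasticsearch name mismatch and multicast-only discovery; with harperville's discovery settings and a cluster => "syslogcluster" line in the output block it reports nothing. Whether the remaining 30s exception in that comment comes from something else (for example the IP selection the second answer describes) is not something a static check of the two files can tell you; for that, query the node's HTTP API on port 9200 and compare the cluster name and master it reports with what logstash is configured to join.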