Problem description
I am trying to start a Filebeat input pipeline:
input {
  beats {
    port => 21544
    ssl => false
  }
}
filter {
  grok {
    match => {
      "message"=>"\[pid: %{NUMBER:pid}\|app: %{NUMBER:id}\|req: %{NUMBER:currentReq}/%{NUMBER:totalReq}\] %{IP:remoteAddr} \(%{WORD:remoteUser}?\) \{%{NUMBER:CGIVar} vars in %{NUMBER:CGISize} bytes\} %{SYSLOG5424SD:timestamp} %{WORD:method} %{URIPATHPARAM:uri} \=\> generated %{NUMBER:resSize} bytes in %{NUMBER:resTime} msecs \(HTTP/%{NUMBER:httpVer} %{NUMBER:status}\) %{NUMBER:headers} headers in %{NUMBER:headersSize} bytes %{GREEDYDATA:coreInfo}"
    }
    add_field => {
      "type" => "Nginx"
    }
  }
  grok {
    match => { "message" => "[%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel}] (%{GREEDYDATA:module}) %{GREEDYDATA:content}" }
    add_field => {
      "type" => "uwsgi"
    }
  }
}
output {
  elasticsearch {
    index => "api-logs-%{+YYYY.MM}"
    # hosts => ["https://<ELASTICSEARCH_HOST_SEARCH>:<ELASTICSEARCH_PORT_SEARCH>"]
    hosts => ["https://log.example.kr:9200"]
    user => "example-user"
    # password => "<ELASTICSEARCH_PASSWORD>"
    password => "password"
    ssl_certificate_verification => false
    manage_template => false
  }
  stdout { }
}
The syntax check passes, as I can confirm:
sudo /usr/share/logstash/bin/logstash --config.test_and_exit -f ../compose/logstash/usr/share/logstash/pipeline/filebeat.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2020-09-03 19:25:47.711 [main] runner - Starting Logstash {"logstash.version"=>"7.9.0","jruby.version"=>"jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 Java HotSpot(TM) 64-Bit Server VM 25.221-b11 on 1.8.0_221-b11 +indy +jit [linux-x86_64]"}
[WARN ] 2020-09-03 19:25:48.019 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2020-09-03 19:25:49.064 [LogStash::Runner] Reflections - Reflections took 26 ms to scan 1 urls,producing 22 keys and 45 values
Configuration OK
[INFO ] 2020-09-03 19:25:50.146 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
But when I actually run Logstash, I get an error:
logstash | [2020-09-03T10:20:41,829][WARN ][logstash.outputs.elasticsearch][filebeat] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
logstash | ** WARNING ** You have enabled encryption but DISABLED certificate verification.
logstash | ** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
logstash | [2020-09-03T10:20:42,015][WARN ][logstash.outputs.elasticsearch][analytics_dev] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
logstash | ** WARNING ** You have enabled encryption but DISABLED certificate verification.
logstash | ** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
logstash | [2020-09-03T10:20:42,111][INFO ][logstash.outputs.elasticsearch][transaction_line] Elasticsearch pool URLs updated {:changes=>{:removed=>[],:added=>[https://littlehome-app:[email protected]:29200/]}}
logstash | [2020-09-03T10:20:42,110][INFO ][logstash.outputs.elasticsearch][analytics_dev] Elasticsearch pool URLs updated {:changes=>{:removed=>[],:added=>[https://littlehome-app:[email protected]:29200/]}}
logstash | [2020-09-03T10:20:42,110][INFO ][logstash.outputs.elasticsearch][filebeat] Elasticsearch pool URLs updated {:changes=>{:removed=>[],:added=>[https://littlehome-app:[email protected]:9200/]}}
logstash | [2020-09-03T10:20:42,447][WARN ][logstash.outputs.elasticsearch][filebeat] Restored connection to ES instance {:url=>"https://littlehome-app:[email protected]:9200/"}
logstash | [2020-09-03T10:20:42,447][WARN ][logstash.outputs.elasticsearch][analytics_dev] Restored connection to ES instance {:url=>"https://littlehome-app:[email protected]:29200/"}
logstash | [2020-09-03T10:20:42,447][WARN ][logstash.outputs.elasticsearch][transaction_line] Restored connection to ES instance {:url=>"https://littlehome-app:[email protected]:29200/"}
logstash | [2020-09-03T10:20:42,484][INFO ][logstash.outputs.elasticsearch][transaction_line] ES Output version determined {:es_version=>7}
logstash | [2020-09-03T10:20:42,484][INFO ][logstash.outputs.elasticsearch][analytics_dev] ES Output version determined {:es_version=>7}
logstash | [2020-09-03T10:20:42,485][WARN ][logstash.outputs.elasticsearch][transaction_line] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash | [2020-09-03T10:20:42,486][INFO ][logstash.outputs.elasticsearch][filebeat] ES Output version determined {:es_version=>7}
logstash | [2020-09-03T10:20:42,486][WARN ][logstash.outputs.elasticsearch][filebeat] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash | [2020-09-03T10:20:42,488][WARN ][logstash.outputs.elasticsearch][analytics_dev] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
logstash | [2020-09-03T10:20:42,531][INFO ][logstash.outputs.elasticsearch][filebeat] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch",:hosts=>["https://log.littlehome.kr:9200"]}
logstash | [2020-09-03T10:20:42,714][ERROR][logstash.agent ] Failed to execute action {:id=>:filebeat,:action_type=>LogStash::ConvergeResult::FailedAction,:message=>"Could not execute action: PipelineAction::Create<filebeat>,action_result: false",:backtrace=>nil}
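The syntax check output above shows `Configuration OK` with no mention of the settings that the runtime log later reports as `UNSAFE options`. As an added example (not part of the original post), here is a small pre-deployment check that flags those settings in the posted config. `audit_logstash_conf`, `check` and the finding messages are hypothetical names, and the parser assumes one setting per line, as in the config shown.

```python
import re

# Constructed sample: the transport and credential lines of the config posted above.
SAMPLE_CONF = """\
input {
  beats {
    port => 21544
    ssl => false
  }
}
output {
  elasticsearch {
    hosts => ["https://log.example.kr:9200"]
    user => "example-user"
    # password => "<ELASTICSEARCH_PASSWORD>"
    password => "password"
    ssl_certificate_verification => false
  }
}
"""

SETTING = re.compile(r"^(\w+)\s*=>\s*(.+)$")          # key => value
BLOCK_OPEN = re.compile(r"^(\w+)\s*(?:=>\s*)?\{$")    # `beats {` or `match => {`

def check(section, key, value):
    """Return a finding message for one plugin setting, or None if it looks safe."""
    if key == "ssl_certificate_verification" and value == "false":
        return "TLS is on but the server certificate is not verified"
    if key == "ssl" and value == "false" and section == "input":
        return "listener accepts unencrypted connections"
    if key == "password" and "${" not in value:
        return "password is a literal; reference ${VAR} (environment or keystore)"
    return None

def audit_logstash_conf(text):
    """Return (line_no, 'section/plugin', key, message) for each unsafe setting."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "}" and stack:
            stack.pop()
        elif (m := BLOCK_OPEN.match(line)):
            stack.append(m.group(1))
        elif len(stack) == 2 and (m := SETTING.match(line)):  # directly inside a plugin
            msg = check(stack[0], *m.groups())
            if msg:
                findings.append((no, "/".join(stack), m.group(1), msg))
    return findings
```
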
Solution
No effective solution to this problem has been found yet; the editor is still searching for and compiling one.