堆栈内存溢出
  简体   繁体   English

logstash不创建索引

[英]logstash does not create index

 原文  2015-05-17 21:28:46       elasticsearch/ logstash/ cloudfoundry

问题描述

I've setup logstash 1.5.0 with elasticsearch 1.5.1. 我已经用elasticsearch 1.5.1设置了logstash 1.5.0。 Kibana is up and running the logstash interface via nginx. Kibana启动并通过nginx运行logstash界面。

However it seems that logstash is not creating an elastic search index. 但是,logstash似乎并未创建弹性搜索索引。

This is what I get when I try to curl the indexes from elasticsearch: 这是我尝试从elasticsearch卷曲索引时得到的结果: 

[root@aoadbld00032lb ~]# curl -s http://127.0.0.1:9200/_status?pretty=true
{
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "failed" : 0
  },
  "indices" : { }
}

And this is what I'm seeing in the logstash logs: 这就是我在logstash日志中看到的内容: 

{:timestamp=>"2015-05-17T16:45:08.435000-0400", :message=>"Using version 0.1.x     input plugin 'tcp'. This plugin isn't well supporte
d by the community and likely has no maintainer.", :level=>:info}
{:timestamp=>"2015-05-17T16:45:08.449000-0400", :message=>"Using version 0.1.x     codec plugin 'line'. This plugin isn't well support
ed by the community and likely has no maintainer.", :level=>:info}
    {:timestamp=>"2015-05-17T16:45:08.458000-0400", :message=>"Using version     0.1.x input plugin 'udp'. This plugin isn't well supported by the community and     likely has no maintainer.", :level=>:info}
    {:timestamp=>"2015-05-17T16:45:08.462000-0400", :message=>"Using version         0.1.x codec plugin 'plain'. This plugin isn't well supported by the community and     likely has no maintainer.", :level=>:info}
{:timestamp=>"2015-05-17T16:45:08.474000-0400", :message=>"Using version 0.1.x filter plugin 'grok'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
{:timestamp=>"2015-05-17T16:45:08.482000-0400", :message=>"Using version 0.1.x     filter plugin 'syslog_pri'. This plugin isn't well supported by the community and     likely has no maintainer.", :level=>:info}
    {:timestamp=>"2015-05-17T16:45:08.500000-0400", :message=>"Using version 0.1.    x filter plugin 'date'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
{:timestamp=>"2015-05-17T16:45:08.510000-0400", :message=>"Using version 0.1.x     filter plugin 'mutate'. This plugin isn't well supported by the community and     likely has no maintainer.", :level=>:info}
{:timestamp=>"2015-05-17T16:45:08.808000-0400", :message=>"Using version 0.1.x     output plugin 'elasticsearch'. This plugin isn't well supported by the community     and likely has no maintainer.", :level=>:info}
{:timestamp=>"2015-05-17T16:45:09.781000-0400", :message=>"Starting tcp input     listener", :address=>"0.0.0.0:5000", :level=>:info}
{:timestamp=>"2015-05-17T16:45:09.807000-0400", :message=>"Starting UDP     listener", :address=>"0.0.0.0:5000", :level=>:info}

I'm thinking the output in bold might be important! 我认为粗体输出可能很重要!

This is my logstash.conf file: 这是我的logstash.conf文件: 

[root@aoadbld00032lb ~]# cat /etc/logstash/logstash.conf
input {
  tcp {
    port => 5000
    type => syslog
  }
  udp {
    port => 5000
    type => syslog
  }
}

filter {
  if [type] == "syslog" {
    grok {
          match => { "message" => "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(?:%{NOTSPACE:syslog5424_app}|-) +(?:%{NOTSPACE:syslog5424_proc}|-) +(?:%{WORD:syslog5424_msgid}|-) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|) +%{GREEDYDATA:syslog5424_msg}" }
    }
    syslog_pri { }
    date {
  match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
    if !("_grokparsefailure" in [tags]) {
      mutate {
        replace => [ "@source_host", "%{syslog_hostname}" ]
        replace => [ "@message", "%{syslog_message}" ]
      }
    }
    mutate {
      remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
    }
  }
}

output {
  elasticsearch {

    host => "127.0.0.1"
    embedded => false
    cluster => "optl_elasticsearch"

 }
    }

Can I please get some advice on how to get this logstash setup indexing in elastic search? 我可以在弹性搜索中获取如何获取此logstash设置索引的建议吗?

1 个解决方案

解决方案1
 1 已采纳  2015-09-15 05:32:16

After I followed this tutorial to set up ELK it created it index for me, may it helps you. 在按照本教程设置ELK之后,它为我创建了索引,可能对您有帮助。 Have a look for the config file with the generator. 使用生成器查找配置文件。

http://operational.io/elk-stack-for-network-operations-reloaded/ http://operational.io/elk-stack-for-network-operations-reloaded/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在logstash中创建季度索引 - create quarterly index in logstash logstash 创建奇怪的索引名称 - logstash create strange index name logstash无法在ES中创建索引 - logstash fails to create an index in ES Logstash 无法在 ElasticSearch 中创建索引 - Logstash cannot create index in ElasticSearch 如何配置logstash创建弹性搜索索引? - How to configure logstash to create an elasticsearch index? ELK logstash 无法在 ES 中创建索引 - ELK logstash cant create index in ES 无法创建Elasticsearch索引(logstash-2015.05.18) - Can not create Elasticsearch Index (logstash-2015.05.18) Logstash无法在Elasticsearch中创建索引 - Logstash can't create an index in Elasticsearch 如何从LOGSTASH创建索引并映射到ES - How to create Index and Mapping into ES from LOGSTASH Logstash无法在elasticsearch中创建报告索引 - Logstash fail to create report index in elasticsearch
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM