堆栈内存溢出
  简体   繁体   English

Logstash:输出到Elasticsearch会导致Ruby出错,但可与stdout一起使用

[英]Logstash: Output to Elasticsearch gives errors with ruby but works with stdout

 原文  2016-07-03 08:36:00       ruby/ elasticsearch/ logstash

问题描述

The error is related to the ruby code, how do I fix this ? 错误与红宝石代码有关,我该如何解决?

Config: 配置: 

input {
  beats {
    port => 5044
    ssl => false
  }
}

filter {
  if [type] == "apache" {
ruby {
code => " if event['message']
event['message'] = event['message'].gsub('\x','Xx')
event['message'] = event['message'].gsub('\x','XXx')
end
"
}

json {
      source => "message"
    }
}
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

Logstash log: Logstash日志:

{:timestamp=>"2016-07-01T13:23:30.475000+0100", :message=>"Connection refused", :class=>"Manticore::SocketException", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:37:in initialize'", "org/jruby/RubyProc.java:281:incall'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:79:in call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:256:incall_once'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib/manticore/response.rb:153:in code'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/manticore.rb:84:inperform_request'", "org/jruby/RubyProc.java:281:in call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:257:inperform_request'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch {:timestamp =>“ 2016-07-01T13:23:30.475000 + 0100”,:message =>“连接被拒绝”,:class =>“ Manticore :: SocketException”,:backtrace => [“ / opt / logstash / vendor / bundle / jruby / 1.9 / gems / manticore-0.6.0-java / lib / manticore / response.rb:37:in initialize'“,” org / jruby / RubyProc.java:281:incall'“,” / opt / logstash / vendor / bundle / jruby / 1.9 / gems / manticore-0.6.0-java / lib / manticore / response.rb:79:in call'“,” /opt/logstash/vendor/bundle/jruby/1.9 /gems/manticore-0.6.0-java/lib/manticore/response.rb:256:incall_once'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/manticore-0.6.0-java/lib /manticore/response.rb:153:in code'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/manticore。 rb:84:inperform_request'“,” org / jruby / RubyProc.java:281:in call'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/ elasticsearch / transport / transport / base.rb:257:inperform_request'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch -transport-1.0.18/lib/elasticsearch/transport/transport/http/manticore.rb:67:in perform_request'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/sniffer.rb:32:inhosts'", "org/jruby/ext/timeout/Timeout.java:147:in timeout'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/sniffer.rb:31:inhosts'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:79:in reload_connections!'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:insniff!'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/ext/thread/Mutex.java:149:insynchronize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-outp -transport-1.0.18 / lib / elasticsearch / transport / transport / http / manticore.rb:67:in perform_request'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0。 18 / lib / elasticsearch / transport / transport / sniffer.rb:32:inhosts'“,” org / jruby / ext / timeout / Timeout.java:147:in timeout'“,” / opt / logstash / vendor / bundle / jruby / 1.9 / gems / elasticsearch-transport-1.0.18 / lib / elasticsearch / transport / transport / sniffer.rb:31:inhosts'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch- transport-1.0.18 / lib / elasticsearch / transport / transport / base.rb:79:in reload_connections!'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7。 0-java / lib / logstash / outputs / elasticsearch / http_client.rb:72:insniff!'“,” /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java /lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'“,” org / jruby / ext / thread / Mutex.java:149:insynchronize'“,” / opt / logstash / vendor / bundle / jruby / 1.9 / gems / logstash-outp ut-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/RubyKernel.java:1479:inloop'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!'"], :level=>:error} {:timestamp=>"2016-07-01T13:23:52.470000+0100", :message=>"CircuitBreaker::rescuing exceptions", :name=>"Beats input", :exception=>LogStash::Inputs::Beats::InsertingToQueueTakeTooLong, :level=>:warn} {:timestamp=>"2016-07-01T13:23:52.470000+0100", :message=>"Beats input: The circuit breaker has detected a slowdown or stall in the pipeline, the input is closing the current connection and rejecting new connection until the pipeline recover.", :exception=>LogStash::Inputs::BeatsSupport::CircuitBreaker::HalfOpenBreaker, :level=>:warn} {:timestamp=>"2016-07-01T13:23:52.471000+0100", :message=>"CircuitBreaker::rescuing exceptions", :name=>"Beats input", :exception=>LogStash: ut-elasticsearch-2.7.0-java / lib / logstash / outputs / elasticsearch / http_client.rb:60:in start_sniffing!'“,” org / jruby / RubyKernel.java:1479:inloop'“,” / opt / logstash /vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in'start_sniffing!'“],:level =>:错误} {:timestamp =>“ 2016-07-01T13:23:52.470000 + 0100”,:message =>“ CircuitBreaker :: rescuing exceptions”,:name =>“ Beats input”,:exception => LogStash :: Inputs :: Beats :: InsertingToQueueTakeTooLong,:level =>:warn} {:timestamp =>“ 2016-07-01T13:23:52.470000 + 0100”,:message =>“ Beats输入:断路器已检测到减速或停转在管道中,输入将关闭当前连接并拒绝新连接,直到管道恢复为止。“,:exception => LogStash :: Inputs :: BeatsSupport :: CircuitBreaker :: HalfOpenBreaker,:level =>:warn} {:timestamp =>“ 2016-07-01T13:23:52.471000 + 0100”,:message =>“ CircuitBreaker :: rescuing exceptions”,:name =>“节拍输入”,:exception => LogStash: :Inputs::Beats::InsertingToQueueTakeTooLong, :level=>:warn} {:timestamp=>"2016-07-01T13:23:52.471000+0100", :message=>"Beats input: The circuit breaker has detected a slowdown or stall in the pipeline, the input is closing the current connection and rejecting new connection until the pipeline recover.", :exception=>LogStash::Inputs::BeatsSupport::CircuitBreaker::HalfOpenBreaker, :level=>:warn} {:timestamp=>"2016-07-01T13:23:53.471000+0100", :message=>"Beats input: the pipeline is blocked, temporary refusing new connection.", :reconnect_backoff_sleep=>0.5, :level=>:warn} {:timestamp=>"2016-07-01T13:23:53.472000+0100", :message=>"CircuitBreaker::Open", :name=>"Beats input", :level=>:warn} {:timestamp=>"2016-07-01T13:23:53.473000+0100", :message=>"Beats input: The circuit breaker has detected a slowdown or stall in the pipeline, the input is closing the current connection and rejecting new connection until the pipeline recover.", :exception=>LogStash::Inputs::BeatsSupport::CircuitBreaker: :Inputs :: Beats :: InsertingToQueueTakeTooLong,:level =>:warn} {:timestamp =>“ 2016-07-01T13:23:52.471000 + 0100”,:message =>“ Beats输入:断路器已检测到减速或停滞在管道中,则输入将关闭当前连接并拒绝新连接,直到管道恢复为止。“,:exception => LogStash :: Inputs :: BeatsSupport :: CircuitBreaker :: HalfOpenBreaker,:level => :: warn} { :timestamp =>“ 2016-07-01T13:23:53.471000 + 0100”,:message =>“节拍输入:管道被阻塞,暂时拒绝新连接。”,:reconnect_backoff_sleep => 0.5,:level => ::警告} {:timestamp =>“ 2016-07-01T13:23:53.472000 + 0100”,:message =>“ CircuitBreaker :: Open”,:name =>“ Beats input”,:level =>:warn} {:timestamp =>“ 2016-07-01T13:23:53.473000 + 0100”,:message =>“节拍输入:断路器已检测到管道中的减速或停顿,该输入正在关闭当前连接并拒绝新连接,直到管道恢复。“,:exception => LogStash :: Inputs :: BeatsSupport :: CircuitBreaker: :OpenBreaker, :level=>:warn} {:timestamp=>"2016-07-01T13:23:53.972000+0100", :message=>"Beats input: the pipeline is blocked, temporary refusing new connection.", :reconnect_backoff_sleep=>0.5, :level=>:warn} :OpenBreaker,:level =>:warn} {:timestamp =>“ 2016-07-01T13:23:53.972000 + 0100”,:message =>“节拍输入:管道被阻塞,暂时拒绝新连接。”,: reconnect_backoff_sleep => 0.5,:level =>:warn}

2 个解决方案

解决方案1
 1  2016-07-04 07:58:02

The problem is not from the ruby code, but from your connection to Elasticsearch. 问题不是来自ruby代码,而是来自您与Elasticsearch的连接。

In your stacktrace: 在您的堆栈跟踪中:

"/opt/logstash/vendor/bundle/jruby/1.9/gems/ logstash-output-elasticsearch -2.7.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in “ /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch -2.7.0- java / lib / logstash / outputs / elasticsearch / http_client.rb:59:in

Either your Elasticsearch instance is not started or can not be reached by logstash. 您的Elasticsearch实例未启动,或者logstash无法访问该实例。

解决方案2
 0 已采纳  2016-07-04 13:57:28

I resolved this by deleting the indexes from elasticsearch. 我通过删除elasticsearch的索引解决了这个问题。 

curl -XDELETE 'http://localhost:9200/filebeat-*'

Note that the ruby does not work. 请注意,红宝石不起作用。 I had to change my log format to combined log to handle the exception. 我不得不将日志格式更改为合并日志以处理异常。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 logstash elasticsearch输出 - logstash elasticsearch output 了解Ruby stdout的工作原理 - Understanding how Ruby stdout works 将字段添加到Logstash Twitter输入和Elasticsearch输出 - Add fields to Logstash Twitter input and Elasticsearch output 了解ruby方法$ stdout的工作方式 - Understanding how ruby method $stdout works 红宝石命令的输出未显示在STDOUT中 - Output from ruby command is not shown in STDOUT 测试 RSpec - Output 活动消息到 Ruby 中的 STDOUT - Testing with RSpec - Output activity messages to STDOUT in Ruby 在执行期间将STDOUT输出到带有ruby的文件 - Output STDOUT to a file with ruby during execution 如何在Ruby中存根STDOUT而不引发警告错误? - How to stub STDOUT in Ruby without raising warning errors? Ruby使用$ stdout来写入puts和return的输出吗? - Does Ruby use $stdout for writing the output of puts and return? 将输出打印到ruby中的stdout时如何使用回调 - How can I use callback when output was printed to stdout in ruby
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM