如何在两台分离的服务器之间使用Logstash将日志从文件发送到Elasticsearch?
[英]How can I send logs from file to Elasticsearch using Logstash between two separated servers?
问题描述
I try to send logs from logs.csv file to elasticsearch using Logstash. 
我尝试使用Logstash将日志从logs.csv文件发送到elasticsearch。 In Elasticsearch I have index logs with type log. 在Elasticsearch中,我有类型为log的索引日志。 At the moment my logstash.conf looks in this way: 此刻我的logstash.conf看起来是这样的:
input {
file {
path => "/run/shm/elastic/logstash/logs.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
columns => ["logs"]
}
}
output {
elasticsearch {
hosts => "hostaddress:9200"
index => "logs"
document_type => "log"
user => "elastic"
password => "elastic"
}
stdout {}
}
Logstash seems to be configured correctly because for instance sudo ./logstash -e 'input { stdin { } } output { stdout {} }' works properly. Logstash似乎配置正确,因为例如sudo ./logstash -e 'input { stdin { } } output { stdout {} }'可以正常工作。 However I get error shown below. 但是我得到如下所示的错误。 Any ideas? 有任何想法吗?
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2018-07-11 10:48:27.473 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[FATAL] 2018-07-11 10:48:27.510 [LogStash::Runner] runner - Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple instances, you must change the "path.data" setting.
[ERROR] 2018-07-11 10:48:27.522 [LogStash::Runner] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
2 个解决方案
解决方案1
0 2018-07-11 10:26:20
This error happens because another instance of Logstash is still running. 发生此错误的原因是Logstash的另一个实例仍在运行。 You should start Logstash as a service in Linux instead of directly starting it, for example on RHEL you should start using: 您应该在Linux中将Logstash作为服务启动,而不是直接启动它,例如,在RHEL上,您应该开始使用:
service logstash start
and stop 停下来
service logstash stop
You can find commands for other systems under this link . 您可以在此链接下找到其他系统的命令。
But sometimes Logstash gets stalled and you have to kill it manually 但是有时候Logstash停滞不前,您必须手动杀死它
ps aux | grep logstash
Find Logstash's PID and kill it: 找到Logstash的PID并杀死它:
kill -9 LOGSTASH_PID
Most of the time Logstash can't be stopped in the standard way because it's processing some data but you can force Logstash to stop by adding --pipeline.unsafe_shutdown in the service startup file, you can read more about this here . 大多数情况下,Logstash无法以标准方式停止,因为它正在处理一些数据,但是您可以通过在服务启动文件中添加--pipeline.unsafe_shutdown来强制Logstash停止,您可以在此处了解更多信息。
解决方案2
0 2018-07-12 03:57:54
If you want to run multiple logstash instances, you need to define the path.data either by command, 如果要运行多个logstash实例,则需要通过以下命令定义path.data :
bin/logstash -f <config_file.conf> --path.data PATH
(make sure the directory is writable) (确保目录可写)
or specify in logstash.yml file under /etc/logstash/ for each instance. 或为每个实例在/etc/logstash/下的logstash.yml文件中指定。
Please read, logstash could not be started when running multiple instances - path.data setting 请阅读, 运行多个实例时无法启动logstash-path.data设置
To read all columns fro csv file, you need to provide name of each column like this, 要从csv文件读取所有列,您需要像这样提供每列的名称,
columns => ["Date","column2","column3"]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.