堆栈内存溢出
  简体   繁体   English

如何使用logstash将json文件中的所有内容发送到elasticsearch

[英]How to get all contents in a json file sent to elasticsearch using logstash

 原文  2019-04-18 15:55:40       json/ elasticsearch/ logstash/ logstash-configuration

问题描述

I have test results that are being stored in json files. 我有测试结果存储在json文件中。 I then have logstash locate the file and attempt to send all of the lines to elasticsearch. 然后我将logstash找到该文件并尝试将所有行发送到elasticsearch。 Only about half of the lines are being sent and can't figure out why certain lines are being left out. 只有大约一半的线路被发送,并且无法弄清楚为什么某些线路被遗漏了。 For example, there will be 34 lines, but only 14 are sent. 例如,将有34行,但只发送14行。 

input {
    file {
        path => "/data/*.json"
        start_position => "beginning"
    }
}

# ----------------------------------------------------------------------

filter {

    # Parse fields out of JSON message, then remove the raw JSON. 
    json {
        source => "message"
    }

}

# ----------------------------------------------------------------------

output {
    elasticsearch {
        hosts => ["host:9200", "localhost:9200"]
        index => "ct-%{+YYYY.MM.dd}"
    }
    stdout { codec => rubydebug }

I'm not sure if there is something within the json itself that causes logstash to just skip over it, or if there's something wrong with my logstash.conf file that I posted above. 我不确定json本身是否存在导致logstash跳过它的内容,或者我上面发布的logstash.conf文件是否有问题。

1 个解决方案

解决方案1
 0  2019-04-19 08:41:47

Logstash computes files from different types to send it to elasticsearch in Json format. Logstash计算来自不同类型的文件,以便以Json格式将其发送到elasticsearch。 In your case, a Filebeat agent with an elasticsearch output would be enough to send a json file to ES and to index it. 在您的情况下,具有elasticsearch输出的Filebeat代理足以将json文件发送到ES并对其进行索引。

It would look like this using Filebeat 6.x : 使用Filebeat 6.x看起来像这样: 

#=========================== Filebeat inputs =============================

filebeat.inputs:

- type: log
  # Paths to the logs
  paths:
    - "/your/path/to/your/logs/file.json"
  # tags to identify the logs source, .gz files excluded from the prospector
  tags: ["beats","yourtag"]
  exclude_files: ['\.gz$']

#================================ Outputs =====================================
#----------------------------- Elasticsearch output --------------------------------
output.elasticsearch:
  # The ES host & index name
  hosts: ["yourEShost:9200"]
  index: "ct-%{+YYYY.MM.dd}"

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用filebeat读取json文件并通过logstash将其发送到elasticsearch - How to read json file using filebeat and send it to elasticsearch via logstash 如何使用logstash将压缩的json导入elasticsearch? - How to import zipped json into elasticsearch using logstash? Json文件从Filebeat到Logstash,然后到elasticsearch - Json file from filebeat to Logstash and then to elasticsearch 如何从Json文件中使用Logstash获取TimeStamp? JSON中有多个日期字段 - How to get TimeStamp using logstash from Json file? There multiple date fields in the JSON 文件获取内容仅获取JSON数据的一部分,而不是全部内容 - File Get Contents only gets part of JSON data and not all contents Logstash:将日志文件中的复杂多行JSON解析为ElasticSearch - Logstash: Parse Complicated Multiline JSON from log file into ElasticSearch Elasticsearch logstash 配置文件夹中的多个 json(嵌套)文件 - Elasticsearch logstash configuration for multiple json (nested) file in a folder 无法获取Logstash处理JSON文件 - Can't get logstash to handle JSON file Logstash - 将嵌套的 JSON 导入 Elasticsearch - Logstash - import nested JSON into Elasticsearch 如何在不使用file_get_contents的情况下在PHP中读取JSON文件? - How to read JSON file in PHP without using file_get_contents?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM