如何让logstash监听python应用运行的特定端口
[英]How to make logstash listen to a specific port where the python application is running
问题描述
I am trying to make the logstash pipeline to listen to port 8003 where i am running my python starlette application.I need to collect the logs and pass it to the elastic db.
我正在尝试让 logstash 管道监听我正在运行我的 python starlette 应用程序的端口 8003。我需要收集日志并将其传递给弹性数据库。
My logstash.conf file is我的 logstash.conf 文件是
input {
udp {
type => "logs"
port => 8003
}
}
output {
elasticsearch {hosts => ["https://127.0.0.1:9200"]
index =>"testlogs"
user => "elastic"
password => "XXX"
ssl => false
ssl_certificate_verification => false
cacert =>"xxxxx"
}
}
Also the logs from where the my starlette application running is还有运行我的 starlette 应用程序的日志
uvicorn main:app --reload --port 8003
INFO: Uvicorn running on http://127.0.0.1:8003 (Press CTRL+C to quit)
INFO: Started reloader process [53528] using WatchFiles
C:\Users\Dell 5300 2in1\AppData\Local\Programs\Python\Python310\lib\site-packages\elasticsearch\_sync\client\__init__.py:395: SecurityWarning: Connecting to 'https://localhost:9200' using TLS with verify_certs=False is insecure
_transport = transport_class(
INFO: Started server process [56984]
INFO: Waiting for application startup.
INFO: Application startup complete.
2022-10-04 13:30:19,931 - root - INFO - In web socket function
INFO: ('127.0.0.1', 61257) - "WebSocket /ws/channel/analytics" [accepted]
2022-10-04 13:30:19,931 - uvicorn.error - INFO - ('127.0.0.1', 61257) - "WebSocket /ws/channel/analytics" [accepted]
INFO: connection open
2022-10-04 13:30:19,936 - uvicorn.error - INFO - connection open
And after running my conf file i got the below logs in logstash terminal在运行我的 conf 文件后,我在 logstash 终端中得到了以下日志
C:\logstash-8.4.2-windows-x86_64\logstash-8.4.2>logstash -f logstash.conf
[2022-10-04T13:29:02,601][INFO ][logstash.runner ] Log4j configuration path used is: C:\logstash-8.4.2-windows-x86_64\logstash-8.4.2\config\log4j2.properties
[2022-10-04T13:29:02,613][WARN ][logstash.runner ] The use of JAVA_HOME has been deprecated. Logstash 8.0 and later ignores JAVA_HOME and uses the bundled JDK. Running Logstash with the bundled JDK is recommended. The bundled JDK has been verified to work with each specific version of Logstash, and generally provides best performance and reliability. If you have compelling reasons for using your own JDK (organizational-specific compliance requirements, for example), you can configure LS_JAVA_HOME to use that version instead.
[2022-10-04T13:29:02,617][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"8.4.2", "jruby.version"=>"jruby 9.3.8.0 (2.6.8) 2022-09-13 98d69c9461 OpenJDK 64-Bit Server VM 17.0.4+8 on 17.0.4+8 +indy +jit [x86_64-mswin32]"}
[2022-10-04T13:29:02,621][INFO ][logstash.runner ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
[2022-10-04T13:29:02,838][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-10-04T13:29:08,033][INFO ][logstash.monitoring.internalpipelinesource] Monitoring License OK
[2022-10-04T13:29:08,039][INFO ][logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
[2022-10-04T13:29:08,626][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2022-10-04T13:29:09,536][INFO ][org.reflections.Reflections] Reflections took 277 ms to scan 1 urls, producing 125 keys and 434 values
[2022-10-04T13:29:09,880][INFO ][logstash.javapipeline ] Pipeline `.monitoring-logstash` is configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this pipeline will default to `ecs_compatibility => v8` unless explicitly configured otherwise.
[2022-10-04T13:29:09,882][INFO ][logstash.javapipeline ] Pipeline `main` is configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this pipeline will default to `ecs_compatibility => v8` unless explicitly configured otherwise.
[2022-10-04T13:29:09,965][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearchMonitoring", :hosts=>["https://127.0.0.1:9200"]}
[2022-10-04T13:29:09,965][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https://127.0.0.1:9200"]}
[2022-10-04T13:29:09,983][WARN ][logstash.outputs.elasticsearch][main] You have enabled encryption but DISABLED certificate verification, to make sure your data is secure remove `ssl_certificate_verification => false`
[2022-10-04T13:29:10,016][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@127.0.0.1:9200/]}}
[2022-10-04T13:29:10,016][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@127.0.0.1:9200/]}}
[2022-10-04T13:29:10,100][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Restored connection to ES instance {:url=>"https://elastic:xxxxxx@127.0.0.1:9200/"}
[2022-10-04T13:29:10,111][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"https://elastic:xxxxxx@127.0.0.1:9200/"}
[2022-10-04T13:29:10,114][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch version determined (8.3.3) {:es_version=>8}
[2022-10-04T13:29:10,114][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
[2022-10-04T13:29:10,123][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (8.3.3) {:es_version=>8}
[2022-10-04T13:29:10,123][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
[2022-10-04T13:29:10,184][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch Output configured with `ecs_compatibility => v8`, which resolved to an UNRELEASED preview of version 8.0.0 of the Elastic Common Schema. Once ECS v8 and an updated release of this plugin are publicly available, you will need to update this plugin to resolve this warning.
[2022-10-04T13:29:10,192][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-10-04T13:29:10,202][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-10-04T13:29:10,210][WARN ][logstash.javapipeline ][.monitoring-logstash] 'pipeline.ordered' is enabled and is likely less efficient, consider disabling if preserving event order is not necessary
[2022-10-04T13:29:10,217][WARN ][logstash.outputs.elasticsearch][main] Elasticsearch Output configured with `ecs_compatibility => v8`, which resolved to an UNRELEASED preview of version 8.0.0 of the Elastic Common Schema. Once ECS v8 and an updated release of this plugin are publicly available, you will need to update this plugin to resolve this warning.
[2022-10-04T13:29:10,223][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2022-10-04T13:29:10,323][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["C:/sp/logstash-8.4.2-windows-x86_64/logstash-8.4.2/logstash.conf"], :thread=>"#<Thread:0x3e3e04e1@C:/sp/logstash-8.4.2-windows-x86_64/logstash-8.4.2/logstash-core/lib/logstash/java_pipeline.rb:130 run>"}
[2022-10-04T13:29:10,323][INFO ][logstash.javapipeline ][.monitoring-logstash] Starting pipeline {:pipeline_id=>".monitoring-logstash", "pipeline.workers"=>1, "pipeline.batch.size"=>2, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>2, "pipeline.sources"=>["monitoring pipeline"], :thread=>"#<Thread:0x4c2a7b61 run>"}
[2022-10-04T13:29:11,383][INFO ][logstash.javapipeline ][.monitoring-logstash] Pipeline Java execution initialization time {"seconds"=>1.05}
[2022-10-04T13:29:11,383][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>1.06}
[2022-10-04T13:29:11,409][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2022-10-04T13:29:11,466][INFO ][logstash.javapipeline ][.monitoring-logstash] Pipeline started {"pipeline.id"=>".monitoring-logstash"}
[2022-10-04T13:29:11,517][INFO ][logstash.inputs.udp ][main][8556311d3dbc2bb897d0d7e1c280deb2881bca42bf8bf05affdb5f71ef4a6c46] Starting UDP listener {:address=>"0.0.0.0:8003"}
[2022-10-04T13:29:11,636][INFO ][logstash.inputs.udp ][main][8556311d3dbc2bb897d0d7e1c280deb2881bca42bf8bf05affdb5f71ef4a6c46] UDP listener started {:address=>"0.0.0.0:8003", :receive_buffer_bytes=>"65536", :queue_size=>"2000"}
[2022-10-04T13:29:11,668][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:".monitoring-logstash", :main], :non_running_pipelines=>[]}
But the logs are not written into the elastic db.Am i doing something wrong here?但是日志没有写入弹性数据库。我在这里做错了吗?
1 个解决方案
解决方案1
0 已采纳 2022-10-04 11:53:42
According to your logs, Uvicorn running on http://127.0.0.1:8003 it looks like Uvicorn is actually listening for HTTP requests coming on port 8003, no logs are being sent through that port.根据您的日志, Uvicorn running on http://127.0.0.1:8003 ,看起来 Uvicorn 实际上正在侦听来自端口 8003 的 HTTP 请求,没有日志通过该端口发送。
The logs are instead written to a file that you can tail with Logstash using the file input:日志改为写入一个文件,您可以使用file输入使用 Logstash 尾随该文件:
file {
type => "logs"
path => "/path/to/uvicorn.log"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何找到运行 kibana 的端口? - How to find the port where kibana is running?
如何连接在 docker 容器内运行的同一 Logstash 实例中的多个管道,从同一 filebeats 端口获取日志消息 - How to connect multiple pipelines within the same Logstash instance running inside a docker container getting log messages from same filebeats port
如何在nodejs应用程序中集成logstash? - How to integrate logstash in nodejs application?
如何停止在Ubuntu中运行的logstash Config文件? - How to stop a logstash Config file running in Ubuntu?
Logstash 模糊端口定义 - Logstash ambiguous port definition
如何在 Logstash 中保存特定的数组元素 - How to save a specific array element in Logstash
如何在Logstash上定义特定的字段标记 - How to define specific field tokenization on Logstash
如何使用特定 _type 从 elasticsearch 登录 - How to logstash from elasticsearch with specific _type
如何在Logstash中添加Elastic Search主机名和端口作为参数? - How to add Elastic Search host name and port as parameter in Logstash?
如何使Logstash替换旧数据? - How to make Logstash replace old data?
相关标签