[英]Logstash Config File for IIS
我最近在Windows服务器上安装了ELK堆栈(其后: https : //community.ulyaoth.net/threads/how-to-install-logstash-on-a-windows-server-with-kibana-in-iis .17 / )
我可以将IIS日志从服务器获取到Logstash和Elasticsearch中,但是我不能从另一台服务器获取相同的日志。
这是第二台服务器上的logstash配置文件;
input {
file {
type => "IISLog"
path => "C:/inetpub/logs/LogFiles/W3SVC*/*.log"
}
}
filter {
mutate {
add_field => [ "hostip", "%{host}" ]
}
dns {
reverse => [ "host" ]
action => replace
}
}
output {
elasticsearch {
host => "ELK01v"
port => "9301"
}
}
但是在基巴纳没有任何表现
在Logstash的stderr.log中,我可以看到以下内容;
Exception in thread ">output" org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [30s]
at org.elasticsearch.action.support.master.TransportMasterNodeOperationAction$3.onTimeout(org/elasticsearch/action/support/master/TransportMasterNodeOperationAction.java:180)
at org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(org/elasticsearch/cluster/service/InternalClusterService.java:492)
at java.util.concurrent.ThreadPoolExecutor.runWorker(java/util/concurrent/ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(java/util/concurrent/ThreadPoolExecutor.java:615)
at java.lang.Thread.run(java/lang/Thread.java:745)
这是来自stdout.log的;
{:timestamp=>"2014-08-22T15:04:55.775000+0100", :message=>"Using milestone 2 input plugin 'file'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2014-08-22T15:04:55.853000+0100", :message=>"Using milestone 2 filter plugin 'dns'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
log4j, [2014-08-22T15:05:34.215] WARN: org.elasticsearch.discovery: [logstash-WEB01v-3460-4038] waited for 30s and no initial state was set by the discovery
log4j, [2014-08-22T15:09:06.334] WARN: org.elasticsearch.transport: [logstash-WEB01v-3460-4038] Transport response handler not found of id [240]
我已经确认可以在端口9301上通过telnet到ELK01v,但是我认为还有什么可能导致这些错误。 有没有具备ELK知识的人可以提供帮助?
谢谢
这表明它正在尝试加入集群,但由于某种原因而无法(例如,防火墙-加入集群时双向通信)。 简便的解决方案是将protocol => http添加到您的elasticsearch输出中。 这将起作用,因为您已经确认防火墙已朝该方向打开。
在IIS服务器web.config文件中放置<httpProtocol>的位置
[英]Where to place <httpProtocol> in IIS Server web.config file
如何检查machine.config文件中的更改是否由IIS使用?
[英]How do I check the changes in machine.config file are consumed by the IIS?
IIS-Windows Server 2012 R2-禁止文件权限扩展[web.config]
[英]IIS - Windows Server 2012 R2 - File Permission Forbidden Extension [web.config]
IIS Express applicationhost.config-身份验证错误
[英]IIS Express applicationhost.config - authentication error
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.