即使收获成功,Filebeat 也不会将日志发送到 Logstash
[英]Filebeat Is not Sending Logs to Logstash even Harvesting Successfull
问题描述
我正在尝试使用 ELK 空间来收集文件日志。 一切正常,直到 filebeat 集成。 我可以通过 tcp 将日志发送到 logstash 并在 kibana 中查看。 但是我无法实现 filebeat 设置来发送日志。 它接缝发送数据但在elasticsearch中看不到。
使用此命令创建elasticsearch。
docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --name elasticsearch docker.elastic.co/elasticsearch/elasticsearch:7.5.2
基巴纳:
docker run -d -p 5601:5601 -h kibana --name kibana --link elasticsearch:elasticsearch docker.elastic.co/kibana/kibana:7.5.2
日志存储:
docker run -d -p 5044:5044 -p 5000:5000 -h logstash --name logstash --link elasticsearch:elasticsearch -vc:/elk2/config-dir:/config-dir docker.elastic.co/logstash/logstash:7.5.2 -f /config-dir/logstash.conf
Logstash.conf 文件
input {
beats {
type => "test"
port => "5044"
}
}
filter {
#If log line contains tab character followed by 'at' then we will tag that entry as stacktrace
if [message] =~ "\tat" {
grok {
match => ["message", "^(\tat)"]
add_tag => ["stacktrace"]
}
}
}
output {
stdout {
codec => rubydebug
}
# Sending properly parsed log events to elasticsearch
elasticsearch {
hosts => ["elasticsearch:9200"]
}
}
在 Windows 10 机器上运行 filebeat。 下载的 zip 和 filebeat.yml 配置
filebeat.modules:
filebeat.inputs:
- type: log
enabled: true
paths:
- C:/elk2/filebeat/log/*.log
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
output:
logstash:
hosts: ["localhost:5044"]
#Also tried 127.0.0.1/logstash/ip... as hosts here
首先以管理员模式运行powershell
./install-service-filebeat.ps1
然后
./filebeat.exe -c ./filebeat.yml
2020-01-26T22:28:45.652+0300 INFO log/harvester.go:251 Harvester started for file: C:\elk2\filebeat\log\logstash-mehmet.log
2020-01-26T22:29:15.651+0300 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":250,"time":{"ms":250}},"total":{"ticks":343,"time":{"ms":343},"value":343},"user":{"ticks":93,"time":{"ms":93}}},"handles":{"open":664},"info":{"ephemeral_id":"46f26124-44e5-4733-a259-4bed65d07a05","uptime":{"ms":32977}},"memstats":{"gc_next":9518416,"memory_alloc":6349856,"memory_total":10791408,"rss":39120896},"runtime":{"goroutines":28}},"filebeat":{"events":{"added":2,"done":2},"harvester":{"open_files":1,"running":1,"started":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"logstash"},"pipeline":{"clients":1,"events":{"active":0,"filtered":2,"total":2}}},"registrar":{"states":{"current":1,"update":2},"writes":{"success":2,"total":2}},"system":{"cpu":{"cores":8}}}}}
但弹性搜索没有结果。
2 个解决方案
解决方案1
0 2020-01-27 11:29:21
尝试删除端口中的引号
input {
beats {
type => "test"
port => 5044
}
}
解决方案2
0 2020-01-28 10:13:32
更改logstash.conf中的输入部分,然后重试,
input {
beats { port => 5044 }
}
转发码头工具GELF使用Filebeat(或其他?)登录Logstash
[英]Forwarding docker GELF logs to Logstash with Filebeat (or alternative?)
Filebeat 不尝试连接到 backoff/Logstash 并且没有日志发送到 Logstash
[英]Filebeat doesn't try to connect to backoff/Logstash and no logs sent to Logstash
如何使用filebeat或logstash,fluentd读取pod内kubernetes中的stdout stderr日志
[英]How to read stdout stderr logs in kubernetes within pod using filebeat or logstash,fluentd
使用Ruby on Rails Docker映像将日志发送到ELK中的Logstash
[英]Sending Logs to Logstash in ELK using Ruby on Rails Docker Image
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Filebeat 不会将日志发送到 kubernetes 上的 logstash
Filebeat 不会将日志发送到 logstash
转发码头工具GELF使用Filebeat(或其他?)登录Logstash
Filebeat 不尝试连接到 backoff/Logstash 并且没有日志发送到 Logstash
Filebeat 7.2-将日志从Docker容器保存到Logstash
如何使用filebeat或logstash,fluentd读取pod内kubernetes中的stdout stderr日志
Filebeat没有将日志推送到Elasticsearch
Docker Filebeat Nginx 日志
Filebeat没有转发日志
使用Ruby on Rails Docker映像将日志发送到ELK中的Logstash
相关标签