logstash org.elasticsearch.discovery.MasterNotDiscoveredException error
I have installed logstash 1.1.13 with elasticsearch-0.20.6, using the following logstash.conf configuration:
input {
  tcp {
    port => 524
    type => rsyslog
  }
  udp {
    port => 524
    type => rsyslog
  }
}
filter {
  grok {
    type => "rsyslog"
    pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
    add_field => [ "received_at", "%{@timestamp}" ]
    add_field => [ "received_from", "%{@source_host}" ]
  }
  syslog_pri {
    type => "rsyslog"
  }
  date {
    type => "rsyslog"
    syslog_timestamp => [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }
  mutate {
    type => "rsyslog"
    exclude_tags => "_grokparsefailure"
    replace => [ "@source_host", "%{syslog_hostname}" ]
    replace => [ "@message", "%{syslog_message}" ]
  }
  mutate {
    type => "rsyslog"
    remove => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
  }
}
output {
  elasticsearch {
    host => "127.0.0.1"
    port => 9300
    node_name => "sysloG33r-1"
    bind_host => "localhost"
  }
}
and elasticsearch.yml:
cluster:
  name: syslogcluster
node:
  name: "sysloG33r-1"
path:
  data: /var/lib/elasticsearch
path:
  logs: /var/log/elasticsearch
network:
  host: "0.0.0.0"
and started logstash using the command:
[root@clane elasticsearch]# java -jar /usr/local/bin/logstash/bin/logstash.jar agent -f /etc/logstash/logstash.conf
Using experimental plugin 'syslog_pri'. This plugin is untested and may change in the future. For more information about plugin statuses, see http://logstash.net/docs/1.1.13/plugin-status {:level=>:warn}
date: You used a deprecated setting 'syslog_timestamp => ["MMM d HH:mm:ss", "MMM dd HH:mm:ss"]'. You should use 'match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]' {:level=>:warn}
PORT SETTINGS 127.0.0.1:9300
log4j, [2013-06-21T14:40:08.013] WARN: org.elasticsearch.discovery: [sysloG33r-1] waited for 30s and no initial state was set by the discovery
Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], :event=>{"@source"=>"tcp://10.66.59.35:34662/", "@tags"=>[], "@fields"=>{"syslog_pri"=>["78"], "syslog_program"=>["crond"], "syslog_pid"=>["6511"], "received_at"=>["2013-06-21T13:40:01.845Z"], "received_from"=>["10.66.59.35"], "syslog_severity_code"=>6, "syslog_facility_code"=>9, "syslog_facility"=>"clock", "syslog_severity"=>"informational"}, "@timestamp"=>"2013-06-21T12:40:01.000Z", "@source_host"=>"kent", "@source_path"=>"/", "@message"=>"(root) CMD (/opt/bin/firewall-state.sh)", "@type"=>"rsyslog"}, :level=>:warn}
and Elasticsearch with:
/usr/local/bin/elasticsearch start
I can see all the correct java ports for Elasticsearch (9200, 9300) and logstash (524):
tcp 0 0 :::524 :::* LISTEN 12557/java
tcp 0 0 :::9200 :::* LISTEN 10782/java
tcp 0 0 :::9300 :::* LISTEN 10782/java
tcp 0 0 ::ffff:127.0.0.1:9301 :::* LISTEN 12557/java
udp 0 0 :::524 :::* 12557/java
udp 0 0 :::54328 :::* 10782/java
But I am seeing this error on logstash. Any ideas?
Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], :event=>{"@source"=>"tcp://10.66.59.35:33598/", "@tags"=>[], "@fields"=>{"syslog_pri"=>["78"], "syslog_program"=>["crond"], "syslog_pid"=>["12983"], "received_at"=>["2013-06-21T12:07:01.541Z"], "received_from"=>["10.66.59.35"], "syslog_severity_code"=>6, "syslog_facility_code"=>9, "syslog_facility"=>"clock", "syslog_severity"=>"informational"}, "@timestamp"=>"2013-06-21T11:07:01.000Z", "@source_host"=>"kent", "@source_path"=>"/", "@message"=>"(root) CMD (/opt/bin/firewall-state.sh)", "@type"=>"rsyslog"}, :level=>:warn}
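
I'm assuming you have already checked the obvious things, like "Is ElasticSearch running?" and "Can I open a TCP connection to port 9300 on localhost?"
Even though you are using the host parameter in the elasticsearch output, what is probably happening is that the ElasticSearch client in Logstash is trying to discover cluster members by multicast (which is how a new install is typically configured by default), and is failing. This is common on EC2, and in many other environments where firewall configurations may interfere with multicast discovery. If this is the only member of your cluster, setting the following in elasticsearch.yml should do the trick: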
discovery:
  zen:
    ping:
      multicast:
        enabled: false
      unicast:
        hosts: <your_ip>[9300-9400]
On AWS, there is also an EC2 discovery plugin that will clear this right up for you.
Incidentally, this question really belongs on Server Fault rather than Stack Overflow.
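
I ran into a similar problem, and it came from my IP configuration. In short, check that there is only one IP address on the logstash host. If not, it can choose the wrong one.
I posted the same answer here: Logstash with Elasticsearch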
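
I had the same problem and fixed it by adding the cluster option to the elasticsearch conf in logstash. Since you have modified the cluster name in elasticsearch.yml, the logstash client will not be able to find the cluster using the default values.
Try doing this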
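
An added example, not part of the question or of any answer: a Python check for two of the causes named in the answers above, a cluster name that differs between elasticsearch.yml and the Logstash output, and multicast discovery left enabled. The sample inputs are constructed, the function names are hypothetical, and it assumes "elasticsearch" is the cluster name either side uses when none is set.

```python
import re

DEFAULT_CLUSTER = "elasticsearch"  # assumed default cluster.name when unset

# Constructed inputs modelled on the question's two files (trimmed).
ES_YML = """cluster:
  name: syslogcluster
"""
LOGSTASH_CONF = """output {
  elasticsearch {
    host => "127.0.0.1"
    port => 9300
  }
}
"""

def flatten_yaml(text):
    """Flatten nested 'key: value' YAML into dotted keys (no lists/anchors)."""
    stack, flat = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        # Drop siblings and deeper keys before pushing the current key.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        if value.strip():
            flat[".".join(k for _, k in stack)] = value.strip().strip("\"'")
    return flat

def logstash_es_option(conf, option):
    """Value of one option in the first elasticsearch { } block, or None."""
    block = re.search(r"elasticsearch\s*\{(.*?)\}", conf, re.S)
    pattern = r'^\s*%s\s*=>\s*"?([^"\n]+)"?' % re.escape(option)
    match = block and re.search(pattern, block.group(1), re.M)
    return match.group(1).strip() if match else None

def diagnose(es_yml, logstash_conf):
    """Return findings for the two configuration causes described above."""
    es, findings = flatten_yaml(es_yml), []
    server = es.get("cluster.name", DEFAULT_CLUSTER)
    client = logstash_es_option(logstash_conf, "cluster") or DEFAULT_CLUSTER
    if server != client:
        findings.append("cluster-name-mismatch: server=%s client=%s" % (server, client))
    if es.get("discovery.zen.ping.multicast.enabled", "true") != "false":
        findings.append("multicast-discovery-enabled")
    return findings
```

With the constructed inputs, `diagnose(ES_YML, LOGSTASH_CONF)` reports both findings; it returns an empty list once the Logstash output names the same cluster and multicast is disabled in elasticsearch.yml.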