堆棧內存溢出
  簡體   English   中英

使用Logstash將數據從文件導入到ElasticSearch

[英]Importing data from file to ElasticSearch with logstash

 原文  2018-03-02 13:59:02       elasticsearch/ logstash/ logstash-grok/ logstash-configuration/ logstash-file

問題描述

我有一個腳本,用於記錄來自不同傳感器的溫度和濕度,並將每個傳感器的數據存儲到他的目錄中,並且每天都會以YYYY-MM-DD.log格式創建新日志。 

${data_root}/A/0/*.log 
${data_root}/A/1/*.log
ETC..

日志采用以下格式: 

2018-03-02 03:48:14 25.00 27.10

(YYYY-MM-DD TIME溫度濕度)

我在理解如何正確配置Logstash實例時遇到了麻煩,我發現我的輸入應如下所示: 

input {
 file{ path => "/var/wlogs/a1/*.log" type=>"a1"}
 file{ path => "/var/wlogs/a2/*.log" type=>"a2"}
etc..
}

過濾器應如下所示: 

filter{
if [type] == "a1" {
 grok {
  match => { "message" => "(?<timestamp>%{YEAR}-%{MONTHNUM:month}-%{MONTHDAY:day} %{TIME}) %{NUMBER:temperature:float} %{NUMBER:humidity:float}" }
}
}
if [type] == "a2" {....}

我試圖將輸出部分中的數據導出到ElasticSearch,但沒有成功。 

output{
elasticsearch { hosts =>["ec2-xxxxxx.eu-west-2.compute.amazonaws.com:9200"] user=>"elastic" password=>"pass" index=>"{type}"}
stdout{ codec => rubydebug}
}

這是我嘗試運行它時的控制台輸出: 

ubuntu@ip-xxx-xxx:/usr/share/logstash$ sudo bin/logstash -f ~/logstash.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2018-03-02 13:43:34.633 [main] scaffold - Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[INFO ] 2018-03-02 13:43:34.647 [main] scaffold - Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[WARN ] 2018-03-02 13:43:35.063 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2018-03-02 13:43:35.209 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.2.2"}
[INFO ] 2018-03-02 13:43:35.430 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2018-03-02 13:43:36.145 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] pipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[INFO ] 2018-03-02 13:43:36.318 [[main]-pipeline-manager] elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@ec2-no.eu-west-2.compute.amazonaws.com:9200/]}}
[INFO ] 2018-03-02 13:43:36.327 [[main]-pipeline-manager] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elastic:xxxxxx@ec2-no.eu-west-2.compute.amazonaws.com:9200/, :path=>"/"}
[WARN ] 2018-03-02 13:43:36.447 [[main]-pipeline-manager] elasticsearch - Restored connection to ES instance {:url=>"http://elastic:xxxxxx@ec2-3no3.eu-west-2.compute.amazonaws.com:9200/"}
[INFO ] 2018-03-02 13:43:36.610 [[main]-pipeline-manager] elasticsearch - ES Output version determined {:es_version=>nil}
[WARN ] 2018-03-02 13:43:36.611 [[main]-pipeline-manager] elasticsearch - Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>6}
[INFO ] 2018-03-02 13:43:36.616 [[main]-pipeline-manager] elasticsearch - Using mapping template from {:path=>nil}
[INFO ] 2018-03-02 13:43:36.619 [[main]-pipeline-manager] elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[INFO ] 2018-03-02 13:43:36.626 [[main]-pipeline-manager] elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//ec2-no.eu-west-2.compute.amazonaws.com:9200"]}
[INFO ] 2018-03-02 13:43:37.054 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] pipeline - Pipeline started succesfully {:pipeline_id=>"main", :thread=>"#<Thread:0x25b5f422@/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:246 run>"}
[INFO ] 2018-03-02 13:43:37.081 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] agent - Pipelines running {:count=>1, :pipelines=>["main"]}

請幫助我弄清楚我在做什么以及如何解決它:)預先感謝

PS:我正在使用最新版本的ElasticSearch,Kibana和Logstash

1 個解決方案

解決方案1
 0  2018-03-06 04:33:45

在日志中看不到任何錯誤。 讓我認為以前的嘗試中可能已經讀取了日志文件。 由於文件偏移量保留在主目錄中的sincedb文件中,因此您可以停止logstash,刪除該文件然后重試嗎?

有關sincedb文件的更多詳細信息,請參閱https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Logstash 不將數據從外部文件寫入 elasticsearch 用於從多個ouchdb數據庫Logstash導入數據的配置文件 Elasticsearch + Logstash:如何在導入時基於現有數據添加字段 使用logstash將csv文件導入elasticsearch時出錯 Logstash-JDBC 插件:將數百萬條記錄從 Oracle 導入 ElasticSearch 使用Logstash將數據從Elasticsearch導出到CSV 使用 Logstash 將數據從 mongoDB 同步到 elasticsearch Elasticsearch不存儲Logstash的Geoip數據 Logstash插件,用於從Cassandra到ElasticSearch的數據傳輸 使用Logstash將數據從mysql導入Elasticsearch
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM