從logstash發送日志到elasticsearch不匹配
[英]Send logs from logstash to elasticsearch mismatch
問題描述
我正在嘗試將日志從帶有 filebeat 的服務器發送到另一台托管 logstash 和 elasticsearch 的服務器。 一切都是最新最好的(7.8.0)。 問題是,我從 logstash 收到錯誤消息。
這是我從logstash得到的錯誤:
[2020-07-17T20:17:43,845][WARN ][logstash.outputs.elasticsearch][main][8ce40c8c6d7b7e92195bf01fa9d2c86d4bb1a87e7565d54444d45d82ebbd311f] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0x2594ed33>], :response=>{"index"=>{"_index"=>"logstash-2020.07.14-000001", "_type"=>"_doc", "_id"=>"0yZsXnMBpYpmFLee7cmh", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [host] of type [text] in document with id '0yZsXnMBpYpmFLee7cmh'. Preview of field's value: '{hostname=server150, os={kernel=3.10.0-1062.18.1.el7.x86_64, codename=Core, name=CentOS Linux, family=redhat, version=7 (Core), platform=centos}, containerized=false, ip=[*censoring public ip*], name=server150, id=3eec437c66d444a59ef5f075a429441d, mac=[*cencored*], architecture=x86_64}'", "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:111"}}}}}
我已經遵循了其他有此問題的人的建議,這就是我的 logstash conf 文件的樣子(嘗試使用 mutate 部分修復它):
input{
file{
path => "/var/log/commands.log"
}
beats{
port => 5044
}
}
filter {
mutate {
rename => ["host", "server"]
convert => {"server" => "string"}
}
if [path] == "/var/log/commands.log" {
grok{
match => { "message" => "\[(%{TIMESTAMP_ISO8601:sys_timestamp})\]\s(?<field1>[0-9a-zA-Z_-]+)\s(?<field2>[0-9a-zA-Z_-]+)\:USER=(?<field3>[0-9a-zA-Z_-]+)\sPWD=(?<field4>[0-9a-zA-Z_/-]+)\sPID=\[(?<field5>[0-9]+)\]\sCMD=\"(?<field6>.*)\"\sExit=\[(?<field7>[0-9]+)\]\sCONNECTION=(?<field8>.*)"
}
}
}
}
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "filteredindex"
}
}
但我仍然得到同樣的錯誤。 我認為這只是數據不匹配,我無法讓它發揮作用。 有誰知道缺少什么? 非常感謝!
1 個解決方案
解決方案1
0 2020-07-27 14:54:11
我面臨着同樣的問題。 添加以下內容解決了我的問題:
mutate {
remove_field => [ "host" ]
}
logstash org.elasticsearch.discovery.MasterNotDiscoveredException錯誤
[英]logstash org.elasticsearch.discovery.MasterNotDiscoveredException error
如何處理send()中的緩沖區長度輸入和返回值大小不匹配?
[英]How to handle the buffer length input and return value size mismatch in send()?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.