Logstash无法读取配置文件 [英] Config file not getting read by logstash

问题描述

我已经在Windows机器上使用以下命令设置了Elk堆栈:

I have set up Elk stack on my windows machine with the following :

弹性ser
Logstash
基巴纳语

Elasticserach
Logstash
Kibana

我的logstash.conf

input {
file {
path => "\bin\MylogFile.log"
start_position => "beginning"
}
}
output { 
elasticsearch { 
hosts => localhost:9200
}
}

MylogFile.log(Apache日志)

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

当我运行 logstash.conf 时，它将在elasticsearch中创建以下索引:

When I run logstash.conf it creates the following index in elasticsearch :

 health  status   index                            
 yellow  open     logstash-2016.10.06

以上索引为空，没有从我的日志文件中获取任何数据.请帮忙?我对Elk Stack非常陌生.

The above index is empty and does not get any data from my log file. Please help? I am very new to Elk stack.

当我使用以下方法查询索引 logstash-2016.10.10 时:

When i query the index logstash-2016.10.10 using: http://localhost:9200/logstash-2016.10.10?=pretty=true. I get the following :

"logstash-2016.10.10" : {
    "aliases" : { },
    "mappings" : {
      "_default_" : {
        "_all" : {
          "enabled" : true,
          "omit_norms" : true
        },
        "dynamic_templates" : [ {
          "message_field" : {
            "mapping" : {
              "index" : "analyzed",
              "omit_norms" : true,
              "fielddata" : {
                "format" : "disabled"
              },
              "type" : "string"
            },
            "match" : "message",
            "match_mapping_type" : "string"
          }
        }, {
          "string_fields" : {
            "mapping" : {
              "index" : "analyzed",
              "omit_norms" : true,
              "fielddata" : {
                "format" : "disabled"
              },
              "type" : "string",
              "fields" : {
                "raw" : {
                  "index" : "not_analyzed",
                  "ignore_above" : 256,
                  "type" : "string"
                }
              }
            },

推荐答案

尝试在logstash conf中添加以下几行，并让我们知道是否存在grokparsing失败...这意味着您在过滤器部分中使用的模式不正确..

try adding following lines to your logstash conf and let us know if there are any grokparsing failures...which would mean your pattern used in filter section is not correct..

output {
  stdout { codec => json }
  file { path => "C:/POC/output3.txt" }
}

如果您看到grok解析失败: 尝试在过滤器部分中使用通用表达式，然后慢慢优化以正确解析您的日志

in case you see grok parsing failures : try a generic expresion in filter section and slowly refine that to correctly parse your logs

这篇关于Logstash无法读取配置文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！