未使用Logstash解析输出文件和编解码器的配置 [英] Configuration with output file and codec not parsed by logstash

问题描述

我正在尝试简单"的logstash配置，并希望输出文件进行检查.因此，我从 https://www中获取了conf. elastic.co/guide/en/logstash/current/plugins-outputs-file.html 并将其放在我的conf中:

I'm trying a "simple" logstash configuration and want to ouput on a file to check. So I took the conf from https://www.elastic.co/guide/en/logstash/current/plugins-outputs-file.html and put it in my conf:

input {                                                                                                                                                                                                                                   
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}

output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => "/config/logstash_out.log"
    codec => {
      line  {
        format => "message: %{message}"
      }
    }
  }

  stdout {}
}

但是当我启动它(sudo docker run -it --rm --name logstash -p 514:5000 --link elasticsearch:elasticsearch -v "$PWD":/config logstash logstash -f /config/logstash.conf)时，我收到了logstash的投诉:

but when I launch it (sudo docker run -it --rm --name logstash -p 514:5000 --link elasticsearch:elasticsearch -v "$PWD":/config logstash logstash -f /config/logstash.conf), I've got a complaint from logstash:

fetched an invalid config 
{:config=>"input {
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}
output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => \"/config/logstash_out.log\"
    codec => { 
      line  { 
        format => \"message: %{message}\"
      }
    }
  }

  stdout {}
}"
, :reason=>"Expected one of #, => at line 20, column 13 (byte 507) 
after output {  elasticsearch {\n    hosts => ['elasticsearch']\n  }
\n\n  file {\n    path => \"/config/logstash_out.log\"\n    
codec => { \n      line  ", :level=>:error}

(我已经重新格式化了一点，以便于阅读)

(I've reformatted a bit so it's more readable)

任何想法为何?我看到了 logstash输出到文件并忽略编解码器，但是提出了解决方案标记为已弃用"，因此我想避免

Any ideas why? I'seen logstash output to file and ignores codec but the proposed solution is marked as DEPRECATED so I would like to avoid

谢谢！

推荐答案

与本教程一样，您使用了错误的格式. 这是拉取请求.

You have the wrong format just like the tutorial. Here is the pull request.

不是

codec => { 
      line  { 
        format => \"message: %{message}\"
      }
     }

但是是

codec =>
      line  {
        format => "message: %{message}"
      }

您不需要在行周围添加括号.

You don't need to add quirly brackets around line.

这是您的正确配置.

input {                                                                                                                                                                                                                                   
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}

output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => "/config/logstash_out.log"
    codec =>
      line  {
        format => "message: %{message}"
      }

  }

  stdout {}
}

这篇关于未使用Logstash解析输出文件和编解码器的配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！