Logstash不读文件输入 [英] Logstash not reading file input

问题描述

我有一个奇怪的问题与Logstash。我提供一个日志文件作为logstash的输入。配置如下：

  input {
 file {
 type => apache-access
 path => [C：\Users\spanguluri\Downloads\logstash\bin\test.log] 
} 
} 
输出{
 elasticsearch {
 protocol => http
 host => 10.35.143.93
 port => 9200
 index => latestindex
} 
} 
  

我正在运行弹性搜索服务器并验证如果使用
卷曲查询收到数据。问题是，当输入是文件时，不会收到任何数据。但是，如果将输入更改为 stdin {} ，则会顺利发送所有输入数据：

  input {
 stdin {} 
} 
 output {
 elasticsearch {
 protocol => http
 host => 10.35.143.93
 port => 9200
 index => newindex
} 
} 
  

我没有得到我在哪里出错有人可以看看这个吗？

解决方案

你应该在你的文件部分下设置start_position：

  start_position => 开始
  

它默认结束，因此不会读取文件中的任何现有行，只有新增的：

start_position

 值可以是以下任何一种：开始，结束
默认值为end
  

选择Logstash开始初始读取文件的位置：起始
或最后。处理像活动流和
这样的文件的默认行为从而开始。如果您要导入旧数据，请将
设置为'开始'

此选项仅修改文件为$ b的第一联系人 $ b新，未见过。如果以前已经看到一个文件，这个
选项没有任何效果。

I have a strange problem with Logstash. I am providing a log file as input to logstash. The configuration is as follows:

input {
  file {
    type => "apache-access"
    path => ["C:\Users\spanguluri\Downloads\logstash\bin\test.log"]
  }
}
output {
  elasticsearch {
    protocol => "http"
    host => "10.35.143.93"
    port => "9200"
    index => "latestindex"
  }
}

I am running elasticsearch server already and verifying if the data is being received with curl queries. The problem is, no data is being received when the input is a file. However, if I change input to stdin { } as follows, it sends all input data smoothly:

input {
  stdin{ }
}
output {
  elasticsearch {
    protocol => "http"
    host => "10.35.143.93"
    port => "9200"
    index => "latestindex"
  }
}

I don't get where I am going wrong. Can someone please take a look at this?

解决方案

You should set start_position under your file section:

start_position => "beginning"

It defaults to end and so won't read any existing lines in your file, only newly added ones:

start_position

Value can be any of: "beginning", "end"
Default value is "end"

Choose where Logstash starts initially reading files: at the beginning or at the end. The default behavior treats files like live streams and thus starts at the end. If you have old data you want to import, set this to ‘beginning’

This option only modifies "first contact" situations where a file is new and not seen before. If a file has already been seen before, this option has no effect.

这篇关于Logstash不读文件输入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！