logstash输出到文件并忽略编解码器 [英] logstash output to file and ignores codec
问题描述
我使用的cfg文件:
input {
gelf {
host => [some ip]
port => 12201
}
}
输出{
elasticsearch {
host => [some ip]
bind_port => 9301
}
file {
codec =>无格式{
format => %{[time]}}%{[severity]}:/%{[thread]} /%{[loggername]}(%{[sourcemethodname]}) - %{[message]
path => /用户/ [某用户] /日志/%{host} /%{facility} - %{+ YYYY-MM-dd} .log
}
}
我以为我使用了错误的格式,为字段尝试了不同的组合,如%{time},甚至试图使用像:
codec => plain {format => 简单的行}
但似乎没有任何工作。它输出到elasticsearch罚款,创建文件夹/文件,但输出为JSON。
如果有人知道这是怎么回事,请帮助。
Thanks。
could please someone explain to me, why logstash keeps ignoring "codec => plain => format" setting, I am trying to set? Cfg file I am using: I thought I used the wrong format, tried different combinations like "%{time}" for fields and even tried to use constant text like: But nothing seems to work. It outputs to the elasticsearch fine, create folder/files, but outputs it as JSON. If anyone knows what is going on with it, please help.
Thanks.
这篇关于logstash输出到文件并忽略编解码器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
$ p $ file {
message_format => %{[time]}%{[严重性]}:%{[thread]} /%{[loggername]}(%{[sourcemethodname]}) - %{[message]}
path => / Users / [some user] / logs /%{host} /%{facility} - %{+ YYYY-MM-dd} .log
input {
gelf {
host => "[some ip]"
port => 12201
}
}
output {
elasticsearch {
host => "[some ip]"
bind_port => "9301"
}
file {
codec => plain {
format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
}
path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}
}
codec => plain {format => "Simple line"}
file has a message_format parameter that is what you'll want to use:file {
message_format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}
