- elasticsearch/
elasticsearch 日志存储-管道已终止
elasticsearch 日志存储-管道已终止
我正在学习麋鹿的堆叠。现在,我在AWS实例上设置了Elasticsearch和Kibana。我正在通过我编写的Java控制台应用程序成功地将文档写入索引上的Elasticsearch索引。我可以在Kibana看到那些日志。现在,我想看到这些日志输入到另一台机器上的Logstash中 为了做到这一点,我安装了Logstash。我添加了以下配置: logstash.conf
input {
elasticsearch {
hosts => "https://<aws-instance>.us-east-1.aws.found.io:9243"
user => "<myUsername>"
password => "<myPassword>"
index => "<myIndexName>"
query => '{ "query": { "match": { "statuscode": 200 } }, "sort": [ "_doc" ] }'
}
}
output {
stdout { }
}
我不知道为什么它会关闭。看起来logstash从错误的文件中读取管道配置。默认情况下,您应该将管道配置放在此目录
/etc/logstash/conf.d/conf.d/etc/logstash.inputs.elasticsearchDEBUGbin\Logstash–f Logstash.confSending Logstash logs to C:/Temporary/logs which is now configured via log4j2.properties
[...][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[...][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.4.2"}
[...][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[...][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x13bbcec sleep>"}
[...][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[...][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[...][INFO ][logstash.pipeline ] Pipeline has terminated {:pipeline_id=>"main", :thread=>"#<Thread:0x13bbcec run>"}
[...][DEBUG][logstash.inputs.elasticsearch] Closing {:plugin=>"LogStash::Inputs::Elasticsearch"}