
elasticsearch: Cannot plot values in Kibana using data placed in Elasticsearch by Logstash


I have a log that looks like this:

2014-06-12T14:59:01.120997 - MONITOR - Load [0.01] Spawn [9]
2014-06-12T15:00:01.187993 - MONITOR - Load [0.67] Spawn [7]
2014-06-12T15:01:01.292163 - MONITOR - Load [0.86] Spawn [0]
2014-06-12T15:02:01.409863 - PROVISION - [other line format]
2014-06-12T15:02:03.305833 - MONITOR - Load [0.09] Spawn [8]
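I have logstash monitoring it and sending it to elasticsearch with this input and filter. More efficient ways to write this are also appreciated. I know nothing about logstash/elasticsearch: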

input {
   file {
       type => "load_monitor"
       path => "/var/log/load_monitor.log"
       sincedb_path => ["/opt/load_monitor"]
   }
}

filter {
    if [type] == "load_monitor" {
        grok {
            match => ["message", "%{TIMESTAMP_ISO8601:logtime} - %{WORD:montype} - %{GREEDYDATA:content}"]
        }
        if [montype] == "MONITOR" {
            grok {
                match => ["content", "Load \[%{NUMBER:load:float}\] Spawn \[%{NUMBER:spawn:int}\]"]
            }
            mutate {
                remove_field => ['content']
            }
        }
        if [montype] == "PROVISION" {
            # do other stuff
        }
    }
}
Viewed through kibana, the data in elasticsearch appears to be correct. The load and spawn fields are present and correctly populated:

{ 
"message":"2014-06-12T15:15:01.436632 - MONITOR - Load [0.71] Spawn [5]",
"@version":"1",
"@timestamp":"2014-06-12T22:15:02.304Z",
"type":"load_monitor",
"host":"prx01",
"path":"/var/log/load_monitor.log",
"logtime":"2014-06-12T15:15:01.436632",
"montype":"MONITOR",
"load":0.71,
"spawn":5 
}
When I try to create a histogram of the spawn values in kibana, spawn is not auto-suggested, and I get the following error when trying to graph spawn:

SearchParseException[
    [logstash-2014.06.12][4]: from[-1],size[-1]: 
    Parse Failure [
        Failed to parse source  
        [
            {
                "facets": {
                    "0": {
                        "date_histogram": {"key_field":"@timestamp","value_field":"spawn","interval":"10s"},
                        "global":true,
                        "facet_filter": {
                            "fquery":{ 
                                "query":{
                                    "filtered":{
                                        "query":{
                                            "query_string": {
                                                "query":"type: \"load_monitor\""
                                            }
                                        },
                                        "filter":{
                                            "bool":{
                                                "must":[
                                                    {
                                                        "range":{
                                                            "@timestamp":{"from":1402610796579,"to":1402611696579}
                                                        }
                                                    },
                                                    {
                                                        "fquery":{
                                                            "query":{
                                                                "query_string":{
                                                                    "query":"type:(\"load_monitor\")"
                                                                }
                                                            },
                                                            "_cache":true
                                                        }
                                                    }
                                                ]
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                },
                "size":0
            }
        ]
    ]
]

Can anyone help? I suspect I have to tell elasticsearch to make the spawn field searchable somehow, but I'm not sure how to do that.

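You should look at elasticsearch's logs when running the query, and paste the corresponding trace.

The log shows this exception: ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]. However, after collecting data for about 24 hours, the histogram of spawn now works when I select a time period of 12 hours or less. I think this is because I did not originally specify :int in the logstash grok filter. When I include data from before I used the :int specifier, I get the error.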
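An added example, not part of the original thread: a Python check that compares field types across daily indices and reports fields that are numeric in some and string in others, which is the condition the thread suspects behind the ClassCastException. The mapping contents, the second index name and the function names are constructed for illustration, and the nested shape assumes the Elasticsearch 1.x `GET /_mapping` response.

```python
from collections import defaultdict

# Constructed sample in the shape assumed for Elasticsearch 1.x GET /_mapping:
# {index: {"mappings": {doc_type: {"properties": {field: {"type": ...}}}}}}
SAMPLE_MAPPINGS = {
    "logstash-2014.06.12": {"mappings": {"load_monitor": {"properties": {
        "montype": {"type": "string"},
        "load": {"type": "string"},    # assumed: indexed before :float was in the grok pattern
        "spawn": {"type": "string"},   # assumed: indexed before :int was in the grok pattern
    }}}},
    "logstash-2014.06.13": {"mappings": {"load_monitor": {"properties": {  # constructed index
        "montype": {"type": "string"},
        "load": {"type": "double"},
        "spawn": {"type": "long"},
    }}}},
}

NUMERIC = {"byte", "short", "integer", "long", "float", "double"}

def field_types(mappings):
    """Return {(doc_type, field): {es_type: [indices]}} across all indices."""
    seen = defaultdict(lambda: defaultdict(list))
    for index, body in sorted(mappings.items()):
        for doc_type, spec in body.get("mappings", {}).items():
            for field, props in spec.get("properties", {}).items():
                # Object fields carry no "type" key; record them as "object".
                seen[(doc_type, field)][props.get("type", "object")].append(index)
    return seen

def numeric_conflicts(mappings):
    """Fields mapped as numeric in some indices and non-numeric in others."""
    conflicts = {}
    for key, by_type in field_types(mappings).items():
        if {t in NUMERIC for t in by_type} == {True, False}:
            conflicts[key] = {t: list(ix) for t, ix in by_type.items()}
    return conflicts

def safe_indices(mappings, doc_type, field):
    """Indices where the field is numeric, so usable as a histogram value_field."""
    by_type = field_types(mappings).get((doc_type, field), {})
    return sorted(ix for t, idxs in by_type.items() if t in NUMERIC for ix in idxs)

if __name__ == "__main__":
    for (doc_type, field), by_type in sorted(numeric_conflicts(SAMPLE_MAPPINGS).items()):
        print(f"{doc_type}.{field}: {by_type}")
    print("spawn is numeric in:", safe_indices(SAMPLE_MAPPINGS, "load_monitor", "spawn"))
```

A time range that touches only the indices returned by `safe_indices` avoids the cast error; the older indices have to be reindexed or deleted before the full range can be graphed.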