
elasticsearch, fluentd, kibana


I am trying to deploy an infrastructure (elasticsearch, fluentd, kibana), swapping logstash for fluentd.

Fluentd saves records in elasticsearch without any problem. I am using the logstash_format directive with the value true to be compatible with logstash.

Kibana does not show any records.

Using tcpdump, I can see the requests from kibana to elasticsearch (and the responses).

Against my only index:

POST /logstash-2014.03.29/_search?search_type=count HTTP/1.1
with this data

{
  "facets": {
    "0": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "10m"
      },
      "global": true,
      "facet_filter": {
        "fquery": {
          "query": {
            "filtered": {
              "query": {
                "query_string": {
                  "query": "*"
                }
              },
              "filter": {
                "bool": {
                  "must": [
                    {
                      "range": {
                        "@timestamp": {
                          "from": 1396032396265,
                          "to": "now"
                        }
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}
{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "*"
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1396032396560,
                  "to": "now"
                }
              }
            }
          ]
        }
      }
    }
  },
  "highlight"
returns

{
  "took": 15,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 159,
    "max_score": 0,
    "hits": []
  },
  "facets": {
    "0": {
      "_type": "date_histogram",
      "entries": []
    }
  }
}

POST /logstash-2014.03.29/_search HTTP/1.1
with this data

{
  "facets": {
    "0": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "10m"
      },
      "global": true,
      "facet_filter": {
        "fquery": {
          "query": {
            "filtered": {
              "query": {
                "query_string": {
                  "query": "*"
                }
              },
              "filter": {
                "bool": {
                  "must": [
                    {
                      "range": {
                        "@timestamp": {
                          "from": 1396032396265,
                          "to": "now"
                        }
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}
{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "*"
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1396032396560,
                  "to": "now"
                }
              }
            }
          ]
        }
      }
    }
  },
  "highlight"
returns no records

{
  "took": 8,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": null,
    "hits": []
  }
}
But if I try the same URL with GET and no data, then I get records.

{
  "hits": [
    {
      "_index": "logstash-2014.03.29",
      "_type": "fluentd",
      "_id": "p9ck6aNoQq-rJFqV1nbVyQ",
      "_score": 1,
      "_source": {
        "host": "ubuntu02",
        "ident": "",
        "message": ":PRO::apache::access: 192.168.10.51 - kibana [29/Mar/2014:17:03:35 +0100] \"GET /index.html HTTP/1.1\" 200 2976 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36\" kibana.smartpurposes.net:443 0",
        "@timestamp": "2014-03-29T17:03:35+01:00"
      }
    }
  ]
}

GET /logstash-2014.03.29/_mapping  HTTP/1.1
returns this

{
  "logstash-2014.03.29": {
    "mappings": {
      "_default_": {
        "_all": {
          "enabled": false
        },
        "properties": {
          "@fields": {
            "dynamic": "true",
            "properties": {
              "ldaperrnum": {
                "type": "integer"
              }
            }
          }
        }
      },
      "fluentd": {
        "_all": {
          "enabled": false
        },
        "properties": {
          "@fields": {
            "dynamic": "true",
            "properties": {
              "ldaperrnum": {
                "type": "integer"
              }
            }
          },
          "@timestamp": {
            "type": "date",
            "format": "dateOptionalTime"
          },
          "host": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        }
      }
    }
  }
}
They all return data, but kibana shows nothing.

Any ideas?

UPDATE:

If I send

POST /logstash-2014.03.29/_search HTTP/1.1
with this data (the query removed), it works fine.

So the problem seems to be here:

{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "*"
              }
            }
          ]
        }
      }
    }
  }
}

Kibana doesn't like JSON arrays.