elasticsearch 未导入elasticsearch的字段,elasticsearch,logstash,kibana-4,elasticsearch,Logstash,Kibana 4" /> elasticsearch 未导入elasticsearch的字段,elasticsearch,logstash,kibana-4,elasticsearch,Logstash,Kibana 4" />
Fatal编程技术网

elasticsearch 未导入elasticsearch的字段

logstash

elasticsearch 未导入elasticsearch的字段,elasticsearch,logstash,kibana-4,elasticsearch,Logstash,Kibana 4,我有一个ELK实例,它使用redis通道作为缓冲区。日志由发货人导入并正确解析到redis中,但没有任何内容可用于elasticsearch 我的托运人配置如下所示: input { file { path => [ "/var/log/aggregates.log" ] type => "aggregates" } } output { redis { host => "xxxx" data_type => "channel

我有一个ELK实例,它使用redis通道作为缓冲区。日志由发货人导入并正确解析到redis中,但没有任何内容可用于elasticsearch

我的托运人配置如下所示:

input {
  file {
    path => [ "/var/log/aggregates.log" ]
    type => "aggregates"
  }
}

output {
  redis {
    host => "xxxx"
    data_type => "channel"
    key => "logstash-aggregates"
  }
}

filter {
  csv {
    columns => [ 'start_time', 'end_time','total_count' ... ] 
    separator => "," 
  }
}

input {
  redis {
    host => "xxxx"
    type => "aggregates"
    data_type => "channel"
    key => "logstash-aggregates"
    format => "json_event"
  }
}

output {
  elasticsearch {
    bind_host => "xxxx"
    cluster => "default_cluster"
    host => "xxxx"
    action => "index"
  }
}
索引器配置如下所示:

input {
  file {
    path => [ "/var/log/aggregates.log" ]
    type => "aggregates"
  }
}

output {
  redis {
    host => "xxxx"
    data_type => "channel"
    key => "logstash-aggregates"
  }
}

filter {
  csv {
    columns => [ 'start_time', 'end_time','total_count' ... ] 
    separator => "," 
  }
}

input {
  redis {
    host => "xxxx"
    type => "aggregates"
    data_type => "channel"
    key => "logstash-aggregates"
    format => "json_event"
  }
}

output {
  elasticsearch {
    bind_host => "xxxx"
    cluster => "default_cluster"
    host => "xxxx"
    action => "index"
  }
}
这里有我遗漏的东西吗?我似乎想不出来。

索引器日志文件或elasticsearch日志文件中有什么内容吗?尝试在索引器上添加stdout{}输出。感谢您的回复。日志中没有什么令人兴奋的东西,使用stdout运行,在事件通过redis发生后,我看到了以下内容:
2015-08-27T20:28:33.581+0000%{host}%{message}
尝试在logstash命令行中添加
--debug
,以了解更多的情况。您确实看到了“{host}”和“{message message}”吗,那是直接从控制台出来的。。。奇怪的