
Elasticsearch: Logstash configuration error


I am new to ELK. I want to push data through a pipeline from Filebeat to Logstash, which will then push the data to Elastic. My configuration is as follows:

input {
  beats {
    port => "5043"
  }
}

filter {
  grok {
    match => { "message" => "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:var0}%{SPACE}%{NOTSPACE}%{SPACE}(?<searchinfo>[^#]*)#(?<username>[^#]*)#(?<searchQuery>[^#]*)#(?<latitude>[^#]*)#(?<longitude>[^#]*)#(?<client_ip>[^#]*)#(?<responseTime>[^#]*)" }
  }
}

output {
  stdout { codec => rubydebug }
  elasticsearch {
    index => "logstash_logs"
    document_type => "logs"
    hosts => [ "localhost:9200" ]
}

Can someone point out where I went wrong?

Your elasticsearch output is missing a closing brace:

output {
  stdout { codec => rubydebug }
  elasticsearch {
     index => "logstash_logs"
     document_type => "logs"
     hosts => [ "localhost:9200" ]
  }     # <--- this is missing
}
Haha, this must be the stupidest thing. I can't believe I missed it. Thanks. It works now.

Sometimes it's right in front of you :-) Glad it works now.
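
As an added example (not part of the original question or answer), this Python check finds unbalanced braces in a Logstash pipeline file while ignoring the braces and `#` characters inside quoted grok patterns. The names `check_braces` and `QUESTION_CONFIG` are made up for this example, and it assumes quoted strings stay on one line.

```python
# Added example (not from the original thread): brace check for a Logstash config.
# Assumption: quoted strings do not span lines.

def check_braces(text):
    """Return [(line_no, message)]; an empty list means the braces balance."""
    problems, stack = [], []                  # stack of (line_no, block_name)
    for line_no, line in enumerate(text.splitlines(), 1):
        quote, escaped, start = None, False, 0
        for i, ch in enumerate(line):
            if quote:                         # inside a string: skip %{...}, '#'
                if escaped:
                    escaped = False
                elif ch == "\\":
                    escaped = True
                elif ch == quote:
                    quote = None
            elif ch in "\"'":
                quote = ch
            elif ch == "#":                   # comment runs to end of line
                break
            elif ch == "{":
                words = [w for w in line[start:i].split() if w != "=>"]
                stack.append((line_no, words[-1] if words else "?"))
                start = i + 1
            elif ch == "}":
                if stack:
                    stack.pop()
                else:
                    problems.append((line_no, "unexpected '}'"))
                start = i + 1
    problems += [(n, f"'{name}' opened here is never closed") for n, name in stack]
    return problems

# The filter and output sections from the question, embedded as sample input.
QUESTION_CONFIG = r'''filter {
  grok {
    match => { "message" => "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:var0}%{SPACE}%{NOTSPACE}%{SPACE}(?<searchinfo>[^#]*)#(?<username>[^#]*)#(?<searchQuery>[^#]*)#(?<latitude>[^#]*)#(?<longitude>[^#]*)#(?<client_ip>[^#]*)#(?<responseTime>[^#]*)" }
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    index => "logstash_logs"
    document_type => "logs"
    hosts => [ "localhost:9200" ]
}
'''

if __name__ == "__main__":
    for line_no, message in check_braces(QUESTION_CONFIG):
        print(f"line {line_no}: {message}")
```

On the question's config this reports the `output` block opened on line 6 as never closed: a stack can only name the outermost block left open, and it is the indentation that shows the `elasticsearch` block is the one missing its brace. Logstash can also validate a file itself with `bin/logstash -f <file> --config.test_and_exit`.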