- elasticsearch/
elasticsearch Elasticsearch索引不是从logstash indexer创建的
elasticsearch Elasticsearch索引不是从logstash indexer创建的
我设置了一个简单的弹性堆栈,如下所示: LS shipper=>Kafka=>LS Indexer=>ES=>Kibana 我正在使用所有最新版本。(5.2.2-1) 我的索引不是在Elasticsearch上创建的,所以我在每个级别都进行了检查 我可以看到我的日志一直传到LS索引器
[2017-03-14T16:08:01,360][DEBUG][logstash.pipeline ] output received {"event"=>{"@timestamp"=>2017-03-14T15:08:01.355Z, "@version"=>"1", "message"=>"{\"severity\":6,\"timestamp8601\":\"2017-03-14T16:08:01+01:00\",\"pid\":\"65156\",\"program\":\"CROND\",\"message\":\"(root) CMD (/home/unix/cron/iodisk >/dev/null 2>&1)||syslog source origin:not defined or not authorized|syslog source name:not defined or not authorized|syslog source env:not defined or not authorized|syslog source security level:0|syslog time received:2017-03-14T16:08:01.349084+01:00|syslog time reported:2017-03-14T16:08:01+01:00||\\n\",\"priority\":78,\"logsource\":\"VRHNDCPUPAPPPR1\",\"type\":\"system\",\"@timestamp\":\"2017-03-14T15:08:01.000Z\",\"@version\":\"1\",\"host\":\"10.64.1.202\",\"facility\":9,\"severity_label\":\"Informational\",\"source_indexer\":\"tcp.50050\",\"timestamp\":\"2017-03-14T16:08:01+01:00\",\"facility_label\":\"clock\"}"}}
input {
kafka {
bootstrap_servers => "10.64.2.143:9092"
group_id => "logstash indexer"
topics => "system"
}
}
output {
if [type == "system"] {
elasticsearch {
codec => json
hosts => [ "10.64.2.144:9200" ]
index => "system"
}
}
}
谢谢,我怀疑你的条件是错误的
if [type == "system"] {
if [type] == "system" {