Java 日志存储插件有一个不可恢复的错误
我已经安装了麋鹿使用docker从以下链接 它以前工作得很好,但最近我在几个新服务器上遇到了一个问题。这个问题与安装在一些新服务器上的Logstash I有关,它不再向ELK服务器发送日志(以前的两个服务器工作得很好)。所有新服务器都运行在带有Ubuntu 20.04操作系统的AWS ARM64处理器上 这是我的日志Java 日志存储插件有一个不可恢复的错误,java,logstash,kibana,devops,elk,Java,Logstash,Kibana,Devops,Elk,我已经安装了麋鹿使用docker从以下链接 它以前工作得很好,但最近我在几个新服务器上遇到了一个问题。这个问题与安装在一些新服务器上的Logstash I有关,它不再向ELK服务器发送日志(以前的两个服务器工作得很好)。所有新服务器都运行在带有Ubuntu 20.04操作系统的AWS ARM64处理器上 这是我的日志 ubuntu@ip-172-31-17-36:~$ cat /etc/logstash/conf.d/logstash.conf input {
ubuntu@ip-172-31-17-36:~$ cat /etc/logstash/conf.d/logstash.conf
input {
stdin {}
file {
path => "/home/ubuntu/logs/*.log"
codec => "line"
type => "logback"
}
}
output {
elasticsearch {
hosts => ["http://my.domain.here:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "mypasswordhere"
}
stdout {
codec => rubydebug
}
}
[logstash.log][ERROR] A plugin had an unrecoverable error. Will restart this plugin.
Pipeline_id:main
Plugin: <LogStash::Inputs::File path=>["/home/ubuntu/logs/*.log"], codec=><LogStash::Codecs::Line id=>"line_be8567e0-c2ed-4fb5-bb1e-d5547b6e82ca", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, id=>"c268f57e10bc6f90059c4e8a0c16df4e1833157f2a8fc58a01a046529bd84b48", type=>"logback", enable_metric=>true, stat_interval=>1.0, discover_interval=>15, sincedb_write_interval=>15.0, start_position=>"end", delimiter=>"\n", close_older=>3600.0, mode=>"tail", file_completed_action=>"delete", sincedb_clean_after=>1209600.0, file_chunk_size=>32768, file_chunk_count=>140737488355327, file_sort_by=>"last_modified", file_sort_direction=>"asc", exit_after_read=>false, check_archive_validity=>false>
Error: Operation not permitted - No message available
Exception: Errno::EPERM
Stack: org/jruby/RubyFile.java:675:in `chown'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/helper.rb:41:in `write_atomically'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/sincedb_collection.rb:232:in `atomic_write'
org/jruby/RubyMethod.java:119:in `call'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/sincedb_collection.rb:216:in `sincedb_write'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/sincedb_collection.rb:188:in `flush_at_interval'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/watch.rb:57:in `subscribe'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/observing_tail.rb:12:in `subscribe'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/logstash/inputs/file.rb:364:in `run'
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405:in `inputworker'
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:396:in `block in start_input'
[logstash.log][ERROR]插件有一个无法恢复的错误。将重新启动此插件。
管道id:主管道
插件:[“/home/ubuntu/logs/*.log”],编解码器=>“line”\u be8567e0-c2ed-4fb5-bb1e-d5547b6e82ca”,enable\u metric=>true,charset=>“UTF-8”,delimiter=>“\n”>,id=>“c268f57e10bc6f90059c4e8a0c16df4e1833157f2a8fc58a01a046529bd84b48”,键入=>“logback”,enable\u metric=>true,stat=>1.0,discover,interval=>15,write\u=>起始位置,delimiter=>“\n”,close\u older=>3600.0,mode=>“tail”,file\u completed\u action=>“delete”,sincedb\u clean\u after=>1209600.0,file\u chunk\u size=>32768,file\u chunk\u count=>140737488355327,file\u sort\u by=>“last\u modified”,file\u sort\u direction=>“asc”,读取后退出\u=>false,检查存档有效性=>false>
错误:不允许操作-没有可用消息
例外:Errno::EPERM
Stack:org/jruby/RubyFile.java:675:in'chown'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/helper.rb:41:in'write_atomicaly'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/sincedb_collection.rb:232:在“原子写入”中
org/jruby/RubyMethod.java:119:in'call'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/sincedb_collection.rb:216:in'sincedb_write'
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/sincedb\u collection.rb:188:in“按间隔刷新”
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/watch.rb:57:在“订阅”中
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/filewatch/observing_tail.rb:12:in“订阅”
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-file-4.2.2/lib/logstash/inputs/file.rb:364:在“运行”中
/usr/share/logstash/logstash-core/lib/logstash/java_-pipeline.rb:405:in'inputworker'
/usr/share/logstash/logstash core/lib/logstash/java_pipeline.rb:396:in`block in start_input'
任何帮助都将不胜感激。我使用了一些不同的编解码器,但问题仍然是sameI没有解决方案,但人们在AARM上找到了这一点。在Windows上,或者如果sincedb所在的设备是块或字符设备,则输入使用非原子写入。否则,它将使用原子写入,这将对文件进行更改。除非您以root用户身份运行,否则将获取EPERM。我无法理解UNIX文件系统如何不能成为块设备。我使用了一些不同的编解码器,但问题仍然是sameI没有解决方案,但人们在AARM上找到了这个问题。在Windows上,或者如果sincedb所在的设备是块或字符设备,则输入使用非原子写入。否则,它将使用原子写入,这将对文件进行更改。除非您以root用户身份运行,否则将获取EPERM。我无法理解UNIX文件系统如何不能成为块设备。