尝试所有选项后,logstash未读取输入文件
Logstash不接受文件输入,我已经尝试了所有可用选项和其他问题的答案。附加conf文件和日志 尝试:尝试所有选项后,logstash未读取输入文件,logstash,logstash-file,Logstash,Logstash File,Logstash不接受文件输入,我已经尝试了所有可用选项和其他问题的答案。附加conf文件和日志 尝试: start_position => beginning sincedb_path => "D:\ELK\d.d1" ignore_older => 0 配置文件: input { file { path => "D:\ELK\inlog.log" start_position => beginning sinc
start_position => beginning
sincedb_path => "D:\ELK\d.d1"
ignore_older => 0
input {
file {
path => "D:\ELK\inlog.log"
start_position => beginning
sincedb_path => "D:\ELK\d.d1"
ignore_older => 0
}enter code here
}
output {
file {
path => "D:\ELK\outlog.log"
}
}
请帮助有关文件,我认为您可以使用filebeat来监视和读取文件,然后将输出发送到logstash。下面是filebeat yml配置的示例
filebeat.prospectors:
- type: log
_type: applogs
tags: ['applogs']
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
multiline.max_lines: 100
scan.order: desc
scan.sort: modtime
scan_frequency: 10s
backoff: 10s
close_inactive: 10m
#clean_inactive removes the state of a file after the specified period of inactivity has elapsed.
#clean_inactive setting must be greater than ignore_older + scan_frequency
#ignore_older: 72h
#clean_inactive: 80h
paths:
- C:\logs\logserver\production\app\*\*.txt
- C:\logs\logserver\production\app\AlertMessage\debug_XXX*.txt
- type: log
_type: IIS
tags: ['IIS']
scan.order: desc
scan.sort: modtime
scan_frequency: 10s
close_inactive: 10m
#Enable for Production
#ignore_older: 72h
clean_inactive: 80h
paths:
- C:\logs\IISLogs\W3SVC1\*.log
#----------------------------- Logstash output --------------------------------
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["127.0.0.1:5044"]
# Number of workers per Logstash host.
worker: 2
输出文件是为标准输入创建的。因此,问题似乎只存在于输入文件。是否尝试删除sincedb文件?@baudsp yes。我每次都在创建新的sincedb文件。您是否尝试过不使用
ignore\u olderthis is testing of me
this is testing of me
filebeat.prospectors:
- type: log
_type: applogs
tags: ['applogs']
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
multiline.max_lines: 100
scan.order: desc
scan.sort: modtime
scan_frequency: 10s
backoff: 10s
close_inactive: 10m
#clean_inactive removes the state of a file after the specified period of inactivity has elapsed.
#clean_inactive setting must be greater than ignore_older + scan_frequency
#ignore_older: 72h
#clean_inactive: 80h
paths:
- C:\logs\logserver\production\app\*\*.txt
- C:\logs\logserver\production\app\AlertMessage\debug_XXX*.txt
- type: log
_type: IIS
tags: ['IIS']
scan.order: desc
scan.sort: modtime
scan_frequency: 10s
close_inactive: 10m
#Enable for Production
#ignore_older: 72h
clean_inactive: 80h
paths:
- C:\logs\IISLogs\W3SVC1\*.log
#----------------------------- Logstash output --------------------------------
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["127.0.0.1:5044"]
# Number of workers per Logstash host.
worker: 2