Logstash 这比说放下电话线但仍能在Kibana看到要好_Logstash_Elastic Beats

Logstash 这比说放下电话线但仍能在Kibana看到要好

logstash

Logstash 这比说放下电话线但仍能在Kibana看到要好,logstash,elastic-beats,Logstash,Elastic Beats,我正在制作麋鹿堆。我正在尝试将wso2应用程序日志推送到弹性搜索我将Filebeats配置为读取包含DCS的行我在终端中看到filebeats日志，因为删除的行与提供的模式不匹配 2020-06-25T01:43:10.557+0530 DEBUG [harvester] log/harvester.go:488 Drop line as it does not match any of the include patterns TID: [-1234] [] [20

我正在制作麋鹿堆。我正在尝试将wso2应用程序日志推送到弹性搜索

我将Filebeats配置为读取包含

DCS

的行

我在终端中看到

filebeats

日志，因为删除的行与提供的模式不匹配

2020-06-25T01:43:10.557+0530    DEBUG   [harvester]     log/harvester.go:488    Drop line as it does not match any of the include patterns TID: [-1234] [] [2020-06-25 01:43:01,725]  INFO {org.wso2.carbon.mediation.dependency.mgt.DependencyTracker} -  Startup : syncUdaDataToUsage_OnlyOnce was removed from the Synapse configuration successfully - [ Deployed From Artifact Container: usage-service-capp ]  {org.wso2.carbon.mediation.dependency.mgt.DependencyTracker}

但我在Kibana看到了同样的日志

filebeats.yml

logstsh-beat.conf

input {
    beats {
        type => "beats"
        host => "localhost"
        port => 5044
    }
}
filter {
    grok {
        match => {"message" => "TID:%{SPACE}\[%{INT:SystemId}\]%{SPACE}\[%{DATA:ProcessName}\]%{SPACE}\[%{TIMESTAMP_ISO8601:TimeStamp}\]%{SPACE}%{LOGLEVEL:logLevel}%{SPACE}{org.apache.synapse.mediators.builtin.LogMediator}%{SPACE}-%{SPACE}%{WORD:dataCollector}%{SPACE}%{GREEDYDATA:sequence}%{SPACE}-%{SPACE}%{DATA:logMessage}=%{SPACE}%{GREEDYDATA:responseMessage}%{SPACE}{org.apache.synapse.mediators.builtin.LogMediator}" }
    }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "uda"
    }
    stdout {
        codec => rubydebug
    }
}

我不明白为什么beats会发送一条与模式不匹配的线

input {
    beats {
        type => "beats"
        host => "localhost"
        port => 5044
    }
}
filter {
    grok {
        match => {"message" => "TID:%{SPACE}\[%{INT:SystemId}\]%{SPACE}\[%{DATA:ProcessName}\]%{SPACE}\[%{TIMESTAMP_ISO8601:TimeStamp}\]%{SPACE}%{LOGLEVEL:logLevel}%{SPACE}{org.apache.synapse.mediators.builtin.LogMediator}%{SPACE}-%{SPACE}%{WORD:dataCollector}%{SPACE}%{GREEDYDATA:sequence}%{SPACE}-%{SPACE}%{DATA:logMessage}=%{SPACE}%{GREEDYDATA:responseMessage}%{SPACE}{org.apache.synapse.mediators.builtin.LogMediator}" }
    }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "uda"
    }
    stdout {
        codec => rubydebug
    }
}