Fatal编程技术网
  • logstash/
  • Logstash在运行时发生异常

Logstash在运行时发生异常

logstash

Logstash在运行时发生异常,logstash,Logstash,当我运行它时,我在logstash日志中得到了这个异常 [2018-01-14T15:42:00912] [错误][logstash.outputs.elasticsearch] elasticsearch的未知设置“主机” [2018-01-14T15:42:00921][ERROR][logstash.agent]未能执行操作{:action=>logstash::PipelineAction::Create/ 管道id:main,:exception=>“LogStash::Configu

当我运行它时,我在logstash日志中得到了这个异常

[2018-01-14T15:42:00912] [错误][logstash.outputs.elasticsearch] elasticsearch的未知设置“主机” [2018-01-14T15:42:00921][ERROR][logstash.agent]未能执行操作{:action=>logstash::PipelineAction::Create/ 管道id:main,:exception=>“LogStash::ConfigurationError”, :message=>“您的配置有问题。”, :backtrace=>[“/usr/share/logstash/logstash core/lib/logstash/config

/rb:89:in
config\u init
“/usr/share/logstash/logstash core/lib/logstash/outputs/base.rb:63:in
initialize', “/usr/share/logstash/logstash core/lib/logstash/output\u delegator\u strategies/shared.rb:3:in 
initialize',
“/usr/share/logstash/logstash core/lib/logstash/output_delegator.rb:25:in
initialize', “/usr/share/logstash/logstash core/lib/logstash/plugins/plugin_factory.rb:86:in 
plugin',
“/usr/share/logstash/logstash core/lib/logstash/pipeline.rb:114:in
plugin'”(eval):87:in
”,“org/jruby/RubyKernel.java:994:in
eval', “/usr/share/logstash/logstash core/lib/logstash/pipeline.rb:86:in 
initialize',
“/usr/share/logstash/logstash core/lib/logstash/pipeline.rb:171:in
initialize', “/usr/share/logstash/logstash core/lib/logstash/pipeline_action/create.rb:40:in 
execute',
“/usr/share/logstash/logstash core/lib/logstash/agent.rb:335:in
block 在美国",, “/usr/share/logstash/logstash core/lib/logstash/agent.rb:141:in 
带有“管道”,
“/usr/share/logstash/logstash core/lib/logstash/agent.rb:332:in
block 在converge_state“org/jruby/RubyArray.java:1734:in
each”中,
“/usr/share/logstash/logstash core/lib/logstash/agent.rb:319:in
converge_state', “/usr/share/logstash/logstash core/lib/logstash/agent.rb:166:in
block
在converge_state_和_update'中,
“/usr/share/logstash/logstash core/lib/logstash/agent.rb:141:in
带有“管道”, “/usr/share/logstash/logstash core/lib/logstash/agent.rb:164:in 
converge_state_和_update',
“/usr/share/logstash/logstash core/lib/logstash/agent.rb:90:in
execute', “/usr/share/logstash/logstash core/lib/logstash/runner.rb:343:in 执行“”中的
块,
“/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in
初始化“”中的块]}

这是我的配置:

   input{
 lumberjack {
  port => 5044
  type => "logs"
  ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
  ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
 }    
}


filter{
 if[type] == "syslog" {
   grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:sysylog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
     add_field => ["received_at", "%{@timestamp}" ] 
     add_field => ["received_from", "%{host}" ]
   }
   syslog_pri {}
   date {
     match => ["syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
   }
 }
}

output{
  elasticsearch { host =>localhost }
  stdout { codec => rubydebug }
}
我该怎么解决呢,谢谢。
我使用最新版本的ELK

如果你检查你的输出elasticsearch插件,它有主机参数。
它需要一个hosts参数和一个字符串数组。

我的logstash->elastic插件如下所示:

elasticsearch{
  hosts=>["localhost:9200"]
  index=>"logstash-%{+YYYY.MM.dd}"
}
您可能还需要设置索引参数。

您不需要索引参数。它有一个默认值:
logstash-%{+YYYY.MM.dd}
。请参阅