Logstash: logs from some Lambda functions are not coming through


I am using the Logstash input to stream logs from CloudWatch to Elasticsearch.

I have the following configuration:

input {
    cloudwatch_logs {
        log_group => ["/aws/lambda/a","/aws/lambda/b","/aws/lambda/c","/aws/lambda/d","/aws/lambda/e","/aws/lambda/f"]
        start_position => "end"
        access_key_id => "<access_key>"
        secret_access_key => "<secret_access_key>"
        region => "eu-west-2"
        tags => ["cloudwatch_syslog"]
    }
}

filter {
    if "cloudwatch_syslog" in [tags] {
        grok {
            patterns_dir => ["/etc/logstash/patterns"]
            match => { "message" => ["%{TIMESTAMP_ISO8601:timestampcw} > %{GREEDYDATA:message}","%{TIMESTAMP_ISO8601:timestampcw} %{GREEDYDATA:message}","%{GREEDYDATA:message}"] }
            overwrite => ["message"]
            remove_field => ["cloudwatch_logs","timestampcw"]
        }

        json {
            skip_on_invalid_json => true
            source => "message"
            target => "data"
            remove_field => ["message"]
        }
        if [data][type] != "report" {
            drop { }
        }
        else {
            mutate {
                replace => { "app" => "my-app" }
            }
        }
    }
}

output {
  if ![data] {
    elasticsearch {
      hosts => "<host>"
      user => "<un>"
      password => "<pass>"
      ilm_rollover_alias => "log_raw"
      ilm_pattern => "000001"
      ilm_policy => "log_raw"
    }
  }
  else {
    elasticsearch {
      hosts => "<host>"
      user => "<un>"
      password => "<pass>"
      ilm_rollover_alias => "log"
      ilm_pattern => "000001"
      ilm_policy => "log"
    }
  }
}

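I can see logs from lambdas a, b, c and d, but I cannot see logs from lambdas e and f in Kibana. I also tried deleting the sincedb file, but even after deleting it the logs do not show up. Lambdas e and f were added to the configuration yesterday, while the others were added a long time ago.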

Have you checked the Logstash and Elasticsearch logs?

I checked the Logstash logs. There were no errors.