Logstash运行出现异常

问题描述 投票:0回答:2

当我运行它时,我在logstash日志中得到了这个异常。

[2018-01-14T15:42:00,912] [错误][logstash.outputs.elasticsearch] Elasticsearch 的未知设置“主机” [2018-01-14T15:42:00,921][错误][logstash.agent]无法执行操作{:action=>LogStash::PipelineAction::Create/ pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"您的配置有问题。", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config

/mixin.rb:89:在 

config_init
  "/usr/share/logstash/logstash-core/lib/logstash/outputs/base.rb:63:in
初始化'", “/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:3:in 
initialize'", 
  "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:25:in
初始化'", “/usr/share/logstash/logstash-core/lib/logstash/plugins/plugin_factory.rb:86:in 
plugin'", 
  "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:114:in
插件'", "(eval):87:在 
<eval>'","org/jruby/RubyKernel.java:994:in
eval'", “/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:86:in 
initialize'", 
  "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:171:in
初始化'", “/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:40:in 
execute'",
  "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:335:in
块 在收敛状态'", “/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in 
with_pipelines'",
  "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:332:in
块 在erge_state'”,“org/jruby/RubyArray.java:1734:in 
each'",
  "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:319:in
converge_state'”, “/usr/share/logstash/logstash-core/lib/logstash/agent.rb:166:in 
block
  in converge_state_and_update'", 
  "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in
with_pipelines'”, “/usr/share/logstash/logstash-core/lib/logstash/agent.rb:164:in 
converge_state_and_update'", 
  "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:90:in
执行'", “/usr/share/logstash/logstash-core/lib/logstash/runner.rb:343:in 
block in execute'", 
  "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in
初始化中的块'"]}

这是我的配置:

   input{
 lumberjack {
  port => 5044
  type => "logs"
  ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
  ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
 }    
}


filter{
 if[type] == "syslog" {
   grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:sysylog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
     add_field => ["received_at", "%{@timestamp}" ] 
     add_field => ["received_from", "%{host}" ]
   }
   syslog_pri {}
   date {
     match => ["syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
   }
 }
}

output{
  elasticsearch { host =>localhost }
  stdout { codec => rubydebug }
}

我该如何解决。谢谢。 我使用最新版本的 ELK

logstash
2个回答
1
投票

如果你检查输出的elasticsearch插件,它有主机参数。
它需要一个主机参数和一个字符串数组。
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-hosts
我的logstash->elastic插件看起来像这样:

elasticsearch{
  hosts=>["localhost:9200"]
  index=>"logstash-%{+YYYY.MM.dd}"
}

您可能还需要设置索引参数。

0
投票

initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in
初始化'”,“/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48:在
initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in
执行'”,“/usr/share/logstash/logstash-core /lib/logstash/agent.rb:392:in `converg_state 中的块'"]}

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.