Logstash中“预期的#,=>之一”是什么意思?

问题描述 投票:0回答:1

我们为称为kubernetes-internal的Logstash 7.6.2管道编写了一个配置文件。

[我们通过bin/logstash --config.test_and_exit -f ../kubernetes-internal/02-filter.conf检查了语法,似乎语法中缺少某些内容:

[FATAL] 2020-04-29 10:41:42.006 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, => at line 152, column 8 (byte 5565) after filter {

看那部分代码,我们有:

...
  else {
    if [kubernetes][labels][version] != "v2" {
      date {
        match => [ "syslog_timestamp", "ISO8601" ]
        remove_field => [ "syslog_timestamp" ]
           }
                                             }
    prune {
      whitelist_names => ["^message_csv$","^host$","^beat","^source$","^type$","^offset$","@timestamp","kubernetes"]
          }
    mutate {
      add_tag => [ "haproxy-logs" ]
      remove_tag => [ "_csvparsefailure" ]
           }
       }
  else {
    if "ambassador" in [kubernetes][labels][service] { #Line152
      grok {
        match => { "message" => '^%{TIMESTAMP_ISO8601:time} %{IP:clientip}:%{NUMBER:port} %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{NUMBER:http_status} %{NOTSPACE:response_flag} %{NUMBER:bytes_received} %{NUMBER:bytes_sent} %{NUMBER:request_time} \'%{NOTSPACE:X-Forwarded-for}\' \'%{NOTSPACE:X-OURDOMAIN-Api}\' \'%{DATA:agent}\' \'%{NOTSPACE:UUID}\' \'%{NOTSPACE:X-Forwarded-Client-Cert}\' \'%{NOTSPACE:authority}\' \'%{NOTSPACE:upstream_host}\'$' }
           }
      mutate {
      convert => {
        "http_status"    => "integer"
        "bytes_sent"     => "integer"
        "bytes_received" => "integer"
        "request_time"   => "integer"
                 }
...

到目前为止,我们还缺少什么?

kubernetes yaml logstash logstash-grok
1个回答
0
投票

很难说,因为方括号太乱了并且被截断了。

[我的意思是,它清楚地显示为after filter { ...但是没有filter {

是否曾经尝试过翻转条件?还是尝试按in运算符的期望添加括号?

if [kubernetes][labels][service] == "ambassador" {

if [kubernetes][labels][service] in ("ambassador") {

该条件甚至可能完全错误,因为它可能是component标签;例如。 app.kubernetes.io/component: ambassador-service。但是,不知道标签是如何定义的,只能假设。

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.htmlhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

仅尝试直接查询它们,以查找条件:

kubectl get pods -l 'service in (ambassador)'
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.