下面是我的CONFI文件。而log.txt的内容是一个简单的字符串“ abcd”,命令是logstash -f“ C:\ busapps \ drsb \ gbl0 \ logstash \ 7.0.0 \ bin \ pipelines \ logstash.conf”
问题是它没有提供任何输出。只需启动管道]
input {
file {
path => "C:\Users\G703065T1\Desktop\log.log.txt"
start_position => "beginning"
sincedb_path => "NUL"
ignore_older => "0"
}
}
filter {
grok {
match => { "message" => "%{LOGLEVEL:loglevel} %{GREEDYDATA:message}"}
overwrite => [ "message" ]
}
}
output {
stdout {}
}
输出:
Sending Logstash logs to C:/busapps/drsb/gbl0/logstash/7.0.0/logs which is now configured via log4j2.properties
[2020-03-14T18:20:49,988][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-03-14T18:20:50,004][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.0.0"}
[2020-03-14T18:20:57,727][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, :thread=>"#<Thread:0x7f28c3fd run>"}
[2020-03-14T18:20:58,370][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
[2020-03-14T18:20:58,482][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-03-14T18:20:58,513][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2020-03-14T18:20:59,130][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
会出现什么问题?
嗨,请尝试使用解析器:
input{
file{
path=>"C:\Users\G703065T1\Desktop\log.log.txt"start_position=>"beginning"sincedb_path=>"NUL"ignore_older=>"0"
}
}filter{
grok{
match=>{
"message"=>"%{LOGLEVEL:loglevel} %{GREEDYDATA:message}"
}overwrite=>[
"message"
]
}
}output{
{ codec => rubydebug }
}
input
{
stdin{}
}
filter{
grok{
match => {"message"=>"%{LOGLEVEL:loglevel}"}
overwrite => ["message"]
}
}
output
{
stdout{}
}
出于上述原因,配置文件解决了该问题。在过去的2天里,我一直在使用各种配置文件进行测试。我肯定已经在某个时间点上进行了测试。但由于某种原因,它当时并没有起作用,现在已经起作用。我在标准输入中输入并从标准输出中输出