我试图将我的API自定义日志文件传递给Kibana . 为此,我使用myLogFiles.log - > Logstash - > Elasticsearch - > Kibana .
PROBLEM
Logstash输出告诉一切正常,但Elasticsearch仍然是空的(我用kibana或elasticsearch web可视化插件检查了)
QUESTION
如何提供elasticsearch以在kibana中可视化我的数据?
DEBUG SO FAR
为了进行一些调试,我告诉Logstash输出.log文件和控制台 . 看我的logstash.conf:
input {
file {
path => '/home/***/dev_logstach/acci.log'
start_position => beginning
}
}
filter {
grok {
match => {"message" => "%{WORD:key} %{WORD:userID} %{WORD:lakeID} %{WORD:ballID} %{NUMBER:longitude} %{NUMBER:latitude} %{TIMESTAMP_ISO8601:date_evenement}"}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "testACCI"
}
stdout { codec => rubydebug }
file {
path => "/home/***/dev_logstach/testLog.log"
create_if_deleted => true
}
}
还有一个logstash输出
{
"userID" => "HJcOX",
"@timestamp" => 2018-04-10T13:27:47.723Z,
"latitude" => "-123.8",
"message" => "{message:ACWWCI HJcOX qHYFM ABCCCC -22.5 -123.8 2018-04-10T09:11:06.173Z,level:info}",
"path" => "/home/***/dev_logstach/acci.log",
"date_evenement" => "2018-04-10T09:11:06.173Z",
"@version" => "1",
"lakeID" => "qHYFM",
"key" => "ACWWCI",
"ballID" => "ABCCCC",
"host" => "sd-10****",
"longitude" => "-22.5"
}
当我再次运行它时不记录以前的数据,当我运行logstash时
echo -e "new data line" >> acci.log
新数据显示在日志中 . 然后我假设数据是在某处发送的,但我不知道我在哪里以及如何继续前进 .
在elasticsearch日志中,我只看到一个警告:
2018-04-10T17:01:52,507][WARN ][o.e.d.i.m.MapperService ] [_default_] mapping is deprecated since it is not useful anymore now that indexes cannot have more than one type
附:我读了一些这样的问题但是由于日期格式我的是valide(YYYY-MM-DD ...)
1 回答
几种选择:
提前创建弹性搜索索引
创建elasticsearch索引模板
这应该可以解决您的问题 .