当我运行这样的命令时(在Windows系统上):
logstash -f logstash-apache.conf
有's no output and it didn' t存储任何日志到elasticsearch . 所以我觉得它没用 . 顺便说一下,我参考了网站:https://www.elastic.co/guide/en/logstash/current/config-examples.html#config-examples
这是我的conf文件(logstash-apache.conf):
input {
file {
path => ["C:/Users/User/Downloads/logstash-5.5.1/bin/access_log.txt"]
start_position => "beginning"
}
}
filter {
if [path] =~ "access" {
mutate { replace => { "type" => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
stdout { codec => rubydebug }
}
这是输出:C:\ Users \ User \ Downloads \ logstash-5.5.1 \ bin> logstash -f logstash-apache.conf错误StatusLogger找不到log4j2配置文件 . 使用默认配置:仅将错误记录到控制台 . 将Logstash的日志发送到C:/Users/User/Downloads/logstash-5.5.1/logs,现在通过log4j2.properties配置[2017-08-18T08:35:20,504] [INFO] [logstash.outputs.elasticsearch] Elasticsearch池URL已更新{:changes => {:removed => [],:added => [localhost:9200 /]}} [2017-08-18T08:35:20,509] [INFO] [logstash.outputs.elasticsearch]正在运行运行状况检查Elasticsearch连接是否正常{:healthcheck_url => localhost:9200 /,:path => "/"} [2017-08-18T08:35:20,668] [警告] [logstash.outputs.elasticsearch]恢复连接到ES实例{:url =>#} [2017-08-18T08:35:20,670] [INFO] [logstash.outputs.elasticsearch]使用{:path => nil}中的映射模板[2017-08-18T08:35: 20,725] [INFO] [logstash.outputs.elasticsearch]正在尝试安装模板{:manage_template => {"template" =>“logstash-", " version "=>50001, " settings "=>{" index.refresh_interval "=>" 5s "}, " mappings "=>{" default "=>{" _all "=>{" enabled "=>true, " norms "=>false}, " dynamic_templates "=>[{" message_field "=>{" path_match "=>"消息", " match_mapping_type "=>"串", "映射"=>{"类型"=>"文本", "规范"=>false}}}, {" string_fields "=>{"匹配"=>" ", " match_mapping_type "=>"串", "映射"=>{"类型"=>"文本", "规范"=>false, "字段"=>{"关键字"=>{"类型"=>"关键字", " ignore_above "=>256}}}}}], "属性"=>{" @timestamp "=>{"型"=>"日期", " include_in_all "=>false}, " @version "=>{"键入关键字"=>" ", " include_in_all "=>false}, " geoip的"=>{"动态"=>true, "特性"=>{" IP "=>{"类型"=>" IP "}, "位置"=>{"类型"=>" geo_point "}, "纬度"=>{"类型"=>" half_float "}, "经度"=>{"类型"=>" half_float "}}}}}}}} [2017-08-18T08:35:20,734][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>" LogStash ::输出:: ElasticSearch ", :hosts=>[#]} [2017-08-18T08:35:21,010][INFO ][logstash.pipeline ] Starting pipeline {" id "=>" main ", " pipeline.workers "=>4, " pipeline.batch.size "=>125, " pipeline.batch.delay "=>5, " pipeline.max_inflight“=> 500} [2017-08-18T08:35:21,896] [INFO] [logstash.pipeline]管道主要开始[2017-08-18T08:35:22,036] [INFO] [logstash.agent]成功启动Logstash API endpoints {:端口=> 9600}
先感谢您 :)