tri*_*lef 2 elasticsearch logstash elastic-stack
我已经设置了一个版本5 ELK堆栈(使用X-Pack),我使用以下logstash conf文件,它似乎正确解析访问日志(正如我在输出中看到的那样):
input {
file {
path => ["/path/to/access_log"]
start_position => "beginning"
}
}
filter {
mutate { replace => { "type" => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
hosts => ["127.0.0.1:9200"]
user => "elastic"
password => "*****"
}
stdout { codec => rubydebug }
}
但是, 除了我尝试使用以下curl命令手动创建索引时,elasticsearch输出返回404("没有这样的索引")错误.
curl -XPUT 'elastic:******@localhost:9200/logstash-2016.09.28
[2016-11-02T17:30:09,535] [警告] [logstash.outputs.elasticsearch]行动失败.{:status => 404,:action => ["index",{:_id => nil,:_index =>"logstash-2016.09.28",:_ type =>"apache_access",:_routing => nil}, 2016-09-28T11:50:32.000Z mypchost 10.2.33.155 - - [28/Sep/2016:14:50:32 +0300]"GET/MyApp/page HTTP/1.1"302 - " http:// myhttpserver/MyApp/page?22 ""Mozilla/5.0(Windows NT 6.1; WOW64; rv:35.0)Gecko/20100101 Firefox/35.0"],:response => {"index"=> {"_ index"=>"logstash-2016.09 .28","_ type"=>"apache_access","_ id"=> nil,"status"=> 404,"error"=> {"type"=>"index_not_found_exception","reason"=>"没有这样的index","resource.type"=>"index_expression","resource.id"=>"logstash-2016.09.28","index_uuid"=>" na ","index"=>"logstash-2016.09.28" }}}}
不自动创建索引可能会出现什么问题?
编辑: 从ES卸载X-Pack并重新运行logstash完成了这项工作,即创建了一个索引.现在我需要找出X-Pack的问题.
最后,问题是由我在ELK 安装X-Pack软件包时添加的elasticsearch.yml中的以下行引起的:
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*
| 归档时间: |
|
| 查看次数: |
6982 次 |
| 最近记录: |