我无法获得 ILM 翻转别名来接受变量。在这个特定的例子中,我们将有一个 ELK 集群托管多个环境的日志。日志条目将在进入 logstash 管道之前用其环境标记。我希望条目转到正确的别名,但是在启动 logstash 时出现以下错误(截断了堆栈跟踪):
一个意料之外的问题发生了!{:error=>java.net.URISyntaxException: 索引 0 处格式错误的转义对:%{[fields][Environment]}-logs
这是我的 logstash 管道:
input {
rabbitmq {
host => "rabbitmq"
port => 5672
user => "guest"
password => "guest"
subscription_retry_interval_seconds => 5
queue => "logstash-queue"
exchange => "logs"
exchange_type => "direct"
durable => true
key => "logstash"
}
}
filter {
mutate {
rename => {"Properties" => "fields"}
}
mutate {
lowercase => ["[fields][Environment]"]
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
template_name=>"app-logs"
ilm_enabled => true …