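With logstash 1.2.1, it is now possible to use conditionals to do various things. Even with earlier versions, the conf file can get complicated if you are managing many log files and implementing metric extraction.
After looking at this comprehensive example, I really wondered how I could detect any breakage in this configuration.
Any ideas?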
For a syntax check, there is `--configtest`:

```
java -jar logstash.jar agent --configtest --config <yourconfigfile>
```
To test the logic of the configuration you can write rspec tests. This is an example rspec file to test a haproxy log filter:
```ruby
require "test_utils"

describe "haproxy logs" do
  extend LogStash::RSpec

  config <<-CONFIG
  filter {
    grok {
      type => "haproxy"
      add_tag => [ "HTTP_REQUEST" ]
      pattern => "%{HAPROXYHTTP}"
    }
    date {
      type => 'haproxy'
      match => [ 'accept_date', 'dd/MMM/yyyy:HH:mm:ss.SSS' ]
    }
  }
  CONFIG

  sample({'@message' => '<150>Oct 8 08:46:47 syslog.host.net haproxy[13262]: 10.0.1.2:44799 [08/Oct/2013:08:46:44.256] frontend-name backend-name/server.host.net 0/0/0/1/2 404 1147 - - ---- 0/0/0/0/0 0/0 {client.host.net||||Apache-HttpClient/4.1.2 (java 1. 5)} {text/html;charset=utf-8|||} "GET /app/status HTTP/1.1"',
          '@source_host' => '127.0.0.1',
          '@type' => 'haproxy',
          '@source' => 'tcp://127.0.0.1:60207/',
  }) do
    insist { subject["@fields"]["backend_name"] } == [ "backend-name" ]
    insist { subject["@fields"]["http_request"] } == [ "/app/status" ]
    insist { subject["tags"].include?("HTTP_REQUEST") }
    insist { subject["@timestamp"] } == "2013-10-08T06:46:44.256Z"
    reject { subject["@timestamp"] } == "2013-10-08T06:46:47Z"
  end
end
```
This will, based on a given filter configuration, run input samples and test if the expected output is produced.
To run the test, save the test as haproxy_spec.rb and run `logstash rspec`:

```
java -jar logstash.jar rspec haproxy_spec.rb
```
There are lots of spec examples in the Logstash source repository.
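Since logstash has been upgraded, the command will now look something like this (given a folder):

```
/opt/logstash/bin/logstash agent --configtest -f /etc/logstash/logstash-indexer/conf.d
```

If you see some warnings but the error messages are mixed together, you don't know which file has the problem. You have to check the files one by one.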
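The file-by-file check described in the last answer can be scripted so that every failure is attributed to a single file. This is an added example, not part of the original answers; `check_conf_dir` and the `LOGSTASH_BIN` variable are names assumed here, and it assumes each valid file passes `--configtest` when checked on its own.

```shell
#!/bin/sh
# Added example: run the syntax check on each file of a conf.d folder
# separately instead of on the folder as a whole.
# LOGSTASH_BIN and check_conf_dir are names chosen for this example.
LOGSTASH_BIN="${LOGSTASH_BIN:-/opt/logstash/bin/logstash}"

# check_conf_dir DIR
# Checks every regular file in DIR and prints "OK <file>" or "FAIL <file>",
# the latter followed by the indented output of the failing check.
# Returns 0 if every file passes, 1 if any file fails,
# 2 if DIR is not a directory or contains no files.
check_conf_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    failed=0
    checked=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue   # skip subdirectories and an unmatched glob
        checked=$((checked + 1))
        if out=$("$LOGSTASH_BIN" agent --configtest -f "$f" 2>&1); then
            echo "OK   $f"
        else
            failed=$((failed + 1))
            echo "FAIL $f"
            printf '%s\n' "$out" | sed 's/^/     /'
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "no config files in $dir" >&2
        return 2
    fi
    [ "$failed" -eq 0 ]
}

# When run as a script, check the folder given as the first argument.
if [ "$#" -gt 0 ]; then
    check_conf_dir "$1"
fi
```

The non-zero return value makes the function usable as a gate in a deployment script or CI job before the configuration is rolled out.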