所以,我正在尝试设置 Logstash 与 logstash-forwarder 一起使用,但我遇到了一些问题。伐木工人似乎并没有真正启动并在端口 5000 上侦听(用 选中netstat -anltp),并且似乎与我的配置无关的错误消息被转储到 logstash 日志中。
我的配置文件
input {
lumberjack {
port => 5000
ssl_certificate => "/etc/ssl/star_server_com.crt"
ssl_key => "/etc/ssl/server.key"
type => "somelogs"
}
}
output {
elasticsearch_http {
host => "haproxy.server.com"
password => "a0fe9d5dedwedfacd240a25b0"
user => "90765547wfefwefwee429f"
}
}
--configtest 的输出
Using milestone 1 input plugin 'lumberjack'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn}
Using milestone 2 output plugin 'elasticsearch_http'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2-modified/plugin-milestones {:level=>:warn}
/var/log/logstash/logstash.log 中的错误消息
{
: timestamp=>"2014-12-05T07:47:35.065000+0000",
: message=>"Error parsing JSON",
: json=>"{\"logstash\":{\"order\":0,\"template\":\"logstash-*\",\"settings\":{\"index.refresh_interval\":\"5s\"},\"mappings\":{\"_default_\":{\"dynamic_templates\":[{\"string_fields\":{\"mapping\":{\"index\":\"analyzed\",\"omit_norms\":true,\"type\":\"string\",\"fields\":{\"raw\":{\"index\":\"not_analyzed\",\"ignore_above\":256,\"type\":\"string\"}}},\"match_mapping_type\":\"string\",\"match\":\"*\"}}],\"properties\":{\"geoip\":{\"dynamic\":true,\"path\":\"full\",\"properties\":{\"location\":{\"type\":\"geo_point\"}},\"type\":\"object\"},\"@version\":{\"index\":\"not_analyzed\",\"type\":\"string\"}},\"_all\":{\"enabled\":true}}},\"aliases\":{}}}H",
: results=>"",
: error=>"unexpected token at 'H'",
: level=>: error
}