我在配置 Logstash 时遇到了一些问题。
我已经使用 filebeats 来转发日志,并且第一次运行良好。但是当我关闭并重新启动终端来配置logstash和filebeats时。即使 Kibana UI 显示日志文件仍在发送和读取,也会出现错误:
Settings: Default pipeline workers: 8
Beats inputs: Starting input listener {:address=>"0.0.0.0:5044", :level=>:info}
The error reported is:
Address already in use - bind - Address already in use
这是配置文件
input {
beats {
port => 5044
type => "logs"
ssl => true
ssl_certificate => "/etc/pki/tls/certs/filebeat.crt"
ssl_key => "/etc/pki/tls/private/filebeat.key"
}
}
filter{
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
stdout { codec => rubydebug }
}
我不知道是怎么回事。谁能告诉我。谢谢