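Some troubleshooting steps to take when logs are not reaching Elasticsearch:
- Check your log-parsing configuration file (usually with the extension .conf). Make sure it has the correct path to the logs to be scanned, the correct set of filters, and so on. To see whether this .conf file actually works, you can try:
logstash -f <elasticsearch.conf file path>
If this does not raise any errors on the console, you are good so far and can move on to the next step.
- Check whether the Kibana index is being created. Run
curl "http://<hostipaddress or localhost>:9200/_cat/indices?v"
If it is, go to Kibana Management and create the index pattern.
If not, check whether your system has enough free memory to serve Logstash and Elasticsearch. free -m will be helpful once you have started the logstash and elasticsearch services. Many times I have seen people trying an ELK setup on machines with insufficient RAM (4GB sounds good for a standalone setup).
- Check that your Logstash and Elasticsearch services are up and running. If Elasticsearch goes down or restarts during log parsing or index creation, this is most likely due to insufficient system resources.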
-bash-4.2# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-06-05 14:08:26 UTC; 1 weeks 0 days ago
Docs: http://www.elastic.co
Main PID: 1396 (java)
CGroup: /system.slice/elasticsearch.service
└─1396 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMS...
Jun 05 14:08:26 cue-bldsvr4 systemd[1]: Started Elasticsearch.
Jun 05 14:08:26 cue-bldsvr4 systemd[1]: Starting Elasticsearch...
-bash-4.2# systemctl status logstash
● logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-06-05 14:50:52 UTC; 1 weeks 0 days ago
Main PID: 4320 (java)
CGroup: /system.slice/logstash.service
└─4320 /bin/java -Xms256m -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFrac...
Jun 05 14:50:52 cue-bldsvr4 systemd[1]: Started logstash.
Jun 05 14:50:52 cue-bldsvr4 systemd[1]: Starting logstash...
Jun 05 14:51:08 cue-bldsvr4 logstash[4320]: Sending Logstash's logs to /var/log/logstash which is now configur...rties
Hint: Some lines were ellipsized, use -l to show in full.
-bash-4.2#
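
The index and memory checks above can be scripted. The following is an added example, not part of the original answer, that parses `_cat/indices?v` and `free -m` output and names the next step to take. The `logstash-` and `nginx-` index prefixes, the 1024 MB threshold and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed, not captured from a real host.
# Live use: curl -s "http://localhost:9200/_cat/indices?v" | index_docs '^logstash-'
#           free -m | mem_available_mb

# index_docs PATTERN: sum docs.count over indices whose name matches PATTERN.
# Columns are located from the header row that ?v adds; prints 0 if none match.
index_docs() {
  awk -v pat="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) { if ($i == "index") ic = i
                                          if ($i == "docs.count") dc = i }
              next }
    ic && dc && $ic ~ pat { total += $dc }
    END { print total + 0 }'
}

# mem_available_mb: print the "available" column of the Mem: row of `free -m`,
# falling back to "free" on older procps. The header has no label for the first
# column, so header field i lines up with data field i + 1.
mem_available_mb() {
  awk '
    NR == 1 { for (i = 1; i <= NF; i++) { if ($i == "available") av = i + 1
                                          if ($i == "free") fr = i + 1 }
              next }
    $1 == "Mem:" { print (av ? $av : $fr) }'
}

# triage INDICES_TEXT FREE_TEXT PATTERN MIN_MB: name the next step to take.
triage() {
  docs=$(printf '%s\n' "$1" | index_docs "$3")
  mem=$(printf '%s\n' "$2" | mem_available_mb)
  if [ "$docs" -gt 0 ]; then
    echo "ok: $docs docs indexed, create the Kibana index pattern"
  elif [ "${mem:-0}" -lt "$4" ]; then
    echo "no matching index, ${mem:-0} MB available: suspect memory pressure"
  else
    echo "no matching index, memory ok: re-check the .conf path and filters"
  fi
}

SAMPLE_INDICES='health status index               uuid pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana             aaaa   1   0          3            0     11.9kb         11.9kb
yellow open   logstash-2019.06.05 bbbb   5   1       1200            0    512.3kb        512.3kb
yellow open   logstash-2019.06.06 cccc   5   1        800            0    300.1kb        300.1kb'
SAMPLE_FREE='              total        used        free      shared  buff/cache   available
Mem:           3789        3100         120          45         569         410
Swap:          2047         900        1147'
triage "$SAMPLE_INDICES" "$SAMPLE_FREE" '^logstash-' 1024
triage "$SAMPLE_INDICES" "$SAMPLE_FREE" '^nginx-' 1024
```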