【发布时间】:2020-06-11 03:48:35
【问题描述】:
如下设置
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.2.deb
sudo dpkg -i logstash-6.6.2.deb
sudo systemctl enable logstash.service
sudo systemctl start logstash.service
我添加了一个如下所示的管道脚本
input {
file {
path => "/root/dev/Intuseer-PaaS/backend/airound_sv_logs.log"
start_position => "beginning"
}
}
output {
stdout {}
file {
path => "/root/dev/output/output-%{+YYYY-MM-dd}.log"
}
}
日志文件如下所示
timestamp, server_cpu, server_memory_used, server_memory_free, process_cpu, process_memory
1582787287, 1, 1176, 2759, 0, 9.05
1582787288, 1, 1176, 2759, 1, 8.97
1582787289, 2, 1176, 2759, 0, 9.04
1582787290, 1, 1177, 2758, 0, 8.98
1582787291, 0, 1176, 2759, 1, 9.04
1582787292, 1, 1176, 2759, 0, 8.96
1582787293, 1, 1177, 2758, 0, 9.03
1582787294, 1, 1176, 2759, 1, 9.08
1582787295, 0, 1177, 2758, 0, 9.02
1582787296, 1, 1176, 2759, 1, 9.05
我已经尝试了很多次才能在本地目录中获取此日志。我检查了logstash的状态。但在下面之后它没有变化。也没有生成 output-%.log 文件。
【问题讨论】:
-
这个答案应该会有所帮助:stackoverflow.com/a/34228807/4604579(提示:您需要添加
sincedb_path设置) -
@Val 谢谢你的评论。但我已经尝试过如下输入 { file { path => "/root/dev/Intuseer-PaaS/backend/airound_sv_logs.log" start_position => "beginning" sincedb_path => "/dev/null" } } output { stdout { } file { path => "/root/dev/output/output-%{+YYYY-MM-dd}.log" } } 但它没有变化。
-
添加该设置后,您能否显示启动 logstash 时的日志?
-
@Val 当然。启动后 [logstash.pipeline ] 启动管道 {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50} [ logstash.pipeline ] 管道成功启动 {:pipeline_id=>"main", :thread=>"#<0x3818b992 run>
标签: elasticsearch logstash elastic-stack filebeat