【发布时间】:2020-04-29 10:49:16
【问题描述】:
我们为我们称为 kubernetes-internal 的 Logstash 7.6.2 管道编写了一个配置文件。
我们检查了bin/logstash --config.test_and_exit -f ../kubernetes-internal/02-filter.conf 的语法,似乎我们在语法中遗漏了一些东西:
[FATAL] 2020-04-29 10:41:42.006 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, => at line 152, column 8 (byte 5565) after filter {
查看那部分代码,我们有:
...
else {
if [kubernetes][labels][version] != "v2" {
date {
match => [ "syslog_timestamp", "ISO8601" ]
remove_field => [ "syslog_timestamp" ]
}
}
prune {
whitelist_names => ["^message_csv$","^host$","^beat","^source$","^type$","^offset$","@timestamp","kubernetes"]
}
mutate {
add_tag => [ "haproxy-logs" ]
remove_tag => [ "_csvparsefailure" ]
}
}
else {
if "ambassador" in [kubernetes][labels][service] { #Line152
grok {
match => { "message" => '^%{TIMESTAMP_ISO8601:time} %{IP:clientip}:%{NUMBER:port} %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{NUMBER:http_status} %{NOTSPACE:response_flag} %{NUMBER:bytes_received} %{NUMBER:bytes_sent} %{NUMBER:request_time} \'%{NOTSPACE:X-Forwarded-for}\' \'%{NOTSPACE:X-OURDOMAIN-Api}\' \'%{DATA:agent}\' \'%{NOTSPACE:UUID}\' \'%{NOTSPACE:X-Forwarded-Client-Cert}\' \'%{NOTSPACE:authority}\' \'%{NOTSPACE:upstream_host}\'$' }
}
mutate {
convert => {
"http_status" => "integer"
"bytes_sent" => "integer"
"bytes_received" => "integer"
"request_time" => "integer"
}
...
到目前为止,我们缺少什么?
【问题讨论】:
-
嗨。请分享整个 logstash 配置并对代码行编号,以便我们识别第 152 行。
标签: kubernetes yaml logstash logstash-grok