我正在尝试“简单”的logstash配置,并希望输出要检查的文件。所以我从https://www.elastic.co/guide/en/logstash/current/plugins-outputs-file.html接受了conf并把它放在我的conf:
中input {
file {
exclude => ['*.gz']
path => ['/var/log/*.log']
type => 'system logs'
}
syslog {
port => 5000
}
}
output {
elasticsearch {
hosts => ['elasticsearch']
}
file {
path => "/config/logstash_out.log"
codec => {
line {
format => "message: %{message}"
}
}
}
stdout {}
}
但是当我启动它(sudo docker run -it --rm --name logstash -p 514:5000 --link elasticsearch:elasticsearch -v "$PWD":/config logstash logstash -f /config/logstash.conf
)时,我收到了logstash的投诉:
fetched an invalid config
{:config=>"input {
file {
exclude => ['*.gz']
path => ['/var/log/*.log']
type => 'system logs'
}
syslog {
port => 5000
}
}
output {
elasticsearch {
hosts => ['elasticsearch']
}
file {
path => \"/config/logstash_out.log\"
codec => {
line {
format => \"message: %{message}\"
}
}
}
stdout {}
}"
, :reason=>"Expected one of #, => at line 20, column 13 (byte 507)
after output { elasticsearch {\n hosts => ['elasticsearch']\n }
\n\n file {\n path => \"/config/logstash_out.log\"\n
codec => { \n line ", :level=>:error}
(我重新格式化了一下,因此更具可读性)
任何想法为什么?我看过logstash output to file and ignores codec但建议的解决方案被标记为已弃用,所以我想避免
谢谢!
答案 0 :(得分:3)
您的格式与教程不同。 这是the pull request。
不是
codec => {
line {
format => \"message: %{message}\"
}
}
但它是
codec =>
line {
format => "message: %{message}"
}
你不需要在行周围添加一些奇怪的括号。
这是您的配置正确。
input {
file {
exclude => ['*.gz']
path => ['/var/log/*.log']
type => 'system logs'
}
syslog {
port => 5000
}
}
output {
elasticsearch {
hosts => ['elasticsearch']
}
file {
path => "/config/logstash_out.log"
codec =>
line {
format => "message: %{message}"
}
}
stdout {}
}