logstash 映射解析错误状态 400
logstash Mapping Parsing error status 400
当我尝试使用 logstash 读取配置文件时,出现地图解析错误。
:response=>{"index"=>{"_index"=>"logstash-2016.06.07",
"_type"=>"txt", "_id"=>nil, "status"=>400,
"error"=>{"type"=>"mapper_parsing_exception", "r eason"=>"Failed to
parse mapping [default]: Mapping definition for [data] has
unsupported parameters: [ignore_above : 1024]",
"caused_by"=>{"type"=>"mapper_parsing_exception", "reason"=>"Mapping
definition for [data] has unsupported para meters: [ignore_above :
1024]"}}}}, :level=>:warn}←[0m
我摸了下日志发现没有问题,只是不知道是什么错误。
这是我的 logstash.conf
input{
stdin{}
file{
type => "txt"
path => "C:\HA\accesslog\trial.log"
start_position => "beginning"
}
}
filter{
grok{
match => {"message" => ["%{IP:ClientAddr}%{SPACE}%{NOTSPACE:access_date}%{SPACE}%{TIME:access_time}%{SPACE}%{NOTSPACE:x-eap.wlsCustomLogField.VirtualHost}%{SPACE}%{WORD:cs-method}%{SPACE}%{PATH:cs-uri-stem}%{SPACE}%{PROG:x-eap.wlsCustomLogField.Protocol}%{SPACE}%{NUMBER:sc-status}%{SPACE}%{NUMBER:bytes}%{SPACE}%{NOTSPACE:x-eap.wlsCustomLogField.RequestedSessionId}%{SPACE}%{PROG:x-eap.wlsCustomLogField.Ecid}%{SPACE}%{NUMBER:x-eap.wlsCustomLogField.ThreadId}%{SPACE}%{NUMBER:x-eap.wlsCustomLogField.EndTs}%{SPACE}%{NUMBER:time-taken}"]}
}
if "_grokparsefailure" in [tags] {
drop { }
}
}
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "logstash-%{+YYYY.MM.dd}"
template_overwrite => true
}
stdout { codec => rubydebug }
}
请帮忙。谢谢
- 我原来在这里找到了解决方案:github。com/elastic/elasticsearch/issues/16283
- 另一个问题是创建的索引字段太长。缩短名称可以解决问题。
当我尝试使用 logstash 读取配置文件时,出现地图解析错误。
:response=>{"index"=>{"_index"=>"logstash-2016.06.07", "_type"=>"txt", "_id"=>nil, "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "r eason"=>"Failed to parse mapping [default]: Mapping definition for [data] has unsupported parameters: [ignore_above : 1024]", "caused_by"=>{"type"=>"mapper_parsing_exception", "reason"=>"Mapping definition for [data] has unsupported para meters: [ignore_above : 1024]"}}}}, :level=>:warn}←[0m
我摸了下日志发现没有问题,只是不知道是什么错误。
这是我的 logstash.conf
input{
stdin{}
file{
type => "txt"
path => "C:\HA\accesslog\trial.log"
start_position => "beginning"
}
}
filter{
grok{
match => {"message" => ["%{IP:ClientAddr}%{SPACE}%{NOTSPACE:access_date}%{SPACE}%{TIME:access_time}%{SPACE}%{NOTSPACE:x-eap.wlsCustomLogField.VirtualHost}%{SPACE}%{WORD:cs-method}%{SPACE}%{PATH:cs-uri-stem}%{SPACE}%{PROG:x-eap.wlsCustomLogField.Protocol}%{SPACE}%{NUMBER:sc-status}%{SPACE}%{NUMBER:bytes}%{SPACE}%{NOTSPACE:x-eap.wlsCustomLogField.RequestedSessionId}%{SPACE}%{PROG:x-eap.wlsCustomLogField.Ecid}%{SPACE}%{NUMBER:x-eap.wlsCustomLogField.ThreadId}%{SPACE}%{NUMBER:x-eap.wlsCustomLogField.EndTs}%{SPACE}%{NUMBER:time-taken}"]}
}
if "_grokparsefailure" in [tags] {
drop { }
}
}
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "logstash-%{+YYYY.MM.dd}"
template_overwrite => true
}
stdout { codec => rubydebug }
}
请帮忙。谢谢
- 我原来在这里找到了解决方案:github。com/elastic/elasticsearch/issues/16283
- 另一个问题是创建的索引字段太长。缩短名称可以解决问题。