当我尝试从 logstash 在弹性搜索中创建索引时出错

Question

您好，当我尝试从 logstash 在 ElasticSearch 中创建索引时出现以下错误：

[Converge PipelineAction::Create] 代理 - 无法执行操作 {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"预期为#、输入、过滤器、输出之一第 1 行，第 1 列（字节 1）"

如果我的 .conf 文件有问题，你能告诉我吗

iput {
    file {
    path => "/opt/sis-host/process/uptime_test*"
#        start_position => "beginning"
        ignore_older => 0
    }
}*emphasized text*

 filter {
     grok {
       match => { "message" => "%{DATA:hora} %{DATA:fecha} %{DATA:status} %{DATA:server} % 
 {INT:segundos}" }
     }
     date {
       match => ["horayfecha", "HH:mm:ss MM/dd/YYYY" ]
       target => "@timestamp"
     }
 }

 output {
       elasticsearch {
           hosts => ["host:9200"]
           index => "uptime_test-%{+YYYY.MM.dd}"
       }
       stdout { codec => rubydebug }
}

Answer 1

配置文件应该以输入开头而不是"iput"

input {  # not iput
    file {
    path => "/opt/sis-host/process/uptime_test*"
#        start_position => "beginning"
        ignore_older => 0
    }
}

 filter {
     grok {
       match => { "message" => "%{DATA:hora} %{DATA:fecha} %{DATA:status} %{DATA:server} % 
 {INT:segundos}" }
     }
     date {
       match => ["horayfecha", "HH:mm:ss MM/dd/YYYY" ]
       target => "@timestamp"
     }
 }

 output {
       elasticsearch {
           hosts => ["host:9200"]
           index => "uptime_test-%{+YYYY.MM.dd}"
       }
       stdout { codec => rubydebug }
}

当我尝试从 logstash 在弹性搜索中创建索引时出错

Error when I try to create index in elastic search from logstash

indexing

logstash