Configuration with output file and codec not parsed by logstash

杀马特。学长 韩版系。学妹 提交于 2019-12-12 00:42:52

问题


I'm trying a "simple" logstash configuration and want to ouput on a file to check. So I took the conf from https://www.elastic.co/guide/en/logstash/current/plugins-outputs-file.html and put it in my conf:

input {                                                                                                                                                                                                                                   
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}

output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => "/config/logstash_out.log"
    codec => {
      line  {
        format => "message: %{message}"
      }
    }
  }

  stdout {}
}

but when I launch it (sudo docker run -it --rm --name logstash -p 514:5000 --link elasticsearch:elasticsearch -v "$PWD":/config logstash logstash -f /config/logstash.conf), I've got a complaint from logstash:

fetched an invalid config 
{:config=>"input {
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}
output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => \"/config/logstash_out.log\"
    codec => { 
      line  { 
        format => \"message: %{message}\"
      }
    }
  }

  stdout {}
}"
, :reason=>"Expected one of #, => at line 20, column 13 (byte 507) 
after output {  elasticsearch {\n    hosts => ['elasticsearch']\n  }
\n\n  file {\n    path => \"/config/logstash_out.log\"\n    
codec => { \n      line  ", :level=>:error}

(I've reformatted a bit so it's more readable)

Any ideas why? I'seen logstash output to file and ignores codec but the proposed solution is marked as DEPRECATED so I would like to avoid

Thanks!


回答1:


You have the wrong format just like the tutorial. Here is the pull request.

It isn't

codec => { 
      line  { 
        format => \"message: %{message}\"
      }
     }

but it is

codec =>
      line  {
        format => "message: %{message}"
      }

You don't need to add quirly brackets around line.

Here is your config correctly.

input {                                                                                                                                                                                                                                   
  file {
    exclude => ['*.gz']
    path => ['/var/log/*.log']
    type => 'system logs'
  }
  syslog {
    port => 5000
  }
}

output {
  elasticsearch {
    hosts => ['elasticsearch']
  }

  file {
    path => "/config/logstash_out.log"
    codec =>
      line  {
        format => "message: %{message}"
      }

  }

  stdout {}
}


来源:https://stackoverflow.com/questions/37180676/configuration-with-output-file-and-codec-not-parsed-by-logstash

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!