问题
I'm new to ELK and I'm getting issues while running logstash. I ran the logatash as defined in below link https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html
But when run filebeat and logstash, Its show logstash successfully runs at port 9600. In filebeat it gives like this
INFO No non-zero metrics in the last 30s
Logstash is not getting input from filebeat.Please help..
the filebeat .yml is
filebeat.prospectors:
- input_type: log
paths:
- /path/to/file/logstash-tutorial.log
output.logstash:
hosts: ["localhost:5043"]
and I ran this command sudo ./filebeat -e -c filebeat.yml -d "publish"
The config file is
input {
beats {
port => "5043"
}
}
output {
stdout { codec => rubydebug }
}
then ran the commands
1)bin/logstash -f first-pipeline.conf --config.test_and_exit - this gave warnings
2)bin/logstash -f first-pipeline.conf --config.reload.automatic -This started the logstash on port 9600
I couldn't proceeds after this since filebeat gives the INFO
INFO No non-zero metrics in the last 30s
And the ELK version used is 5.1.2
回答1:
The registry file stores the state and location information that Filebeat uses to track where it was last reading
So you can try updating or deleting registry file. see here
cd /var/lib/filebeat
sudo mv registry registry.bak
sudo service filebeat restart
I have also faced this issue and I have solved with above commands.
回答2:
Filebeat reads from the end of your file, and is expecting new stuff to be added over time (like a log file).
To make it read from the beginning of the file, set the 'tail_files' option.
Also note the instructions there about re-processing a file, as that can come into play during testing.
来源:https://stackoverflow.com/questions/41949989/info-no-non-zero-metrics-in-the-last-30s-message-in-filebeat