filebeat Template 报错(安装的时候遇到错误了用这个方法解决的)
filebeat安装的是 filebeat-6.4.2,因为是rpm安装的,默认的日志路径是cat /var/log/filebeat/filebeat,从这里面可以看相关的配置错误。
filebeat-6.4.2配置如下所示:
setup.template.name: "own*"
setup.template.pattern: "own*"
我用 filebeat 推送日志到 es,然后自己写了一个 module,可以正常解析日志。我在 filebeat.yml 里配置了两个 index
output.elasticsearch:# Array of hosts to connect to.hosts: ["localhost:9200"]index: "nginx-%{[beat.version]}-%{+yyyy.MM.dd}"indices:- index: "ro-%{[beat.version]}-%{+yyyy.MM.dd}"when.contains:source: "ro"
然后,我把对应的解析放到了 fields.yml 里面,并在filebeat.yml 配置了两个,我不知道 index 怎么跟
template 做匹配
setup.template.name: "nginx"
#setup.template.fields: "${path.config}/fields.yml"
setup.template.overwrite: false
setup.template.pattern: "nginx-*"setup.template.name: "ro"
setup.template.pattern: "ro*"
这样启动以后,日志可以正常推送,也能看到两个 index,但是 ro 的日志字段跟我写类型不符,全是 string。另外日志会报错
2018-01-17T17:02:34+08:00 INFO Connected to Elasticsearch version 6.1.1
2018-01-17T17:02:34+08:00 INFO Template already exists and will not be overwritten.
2018-01-17T17:02:35+08:00 ERR Failed to publish events: temporary bulk send failure
filebeat.yml相关的配置如下所示:
###################### Filebeat Configuration Example #########################
# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html
# For more available modules and options, please see the filebeat.reference.yml sample
# configuration file.
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /home/wwwlogs/*.log
#- c:\programdata\elasticsearch\logs\*
# Exclude lines. A list of regular expressions to match. It drops the lines that are
# matching any regular expression from the list.
#exclude_lines: ['^DBG']
# Include lines. A list of regular expressions to match. It exports the lines that are
# matching any regular expression from the list.
#include_lines: ['^ERR', '^WARN']
# Exclude files. A list of regular expressions to match. Filebeat drops the files that
# are matching any regular expression from the list. By default, no files are dropped.
#exclude_files: ['.gz$']
# Optional additional fields. These fields can be freely picked
# to add additional information to the crawled log files for filtering
#fields:
# level: debug
# review: 1
### Multiline options
# Multiline can be used for log messages spanning multiple lines. This is common
# for Java Stack Traces or C-Line Continuation
# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
#multiline.pattern: ^\[
# Defines if the pattern set under pattern should be negated or not. Default is false.
#multiline.negate: false
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
# that was (not) matched before or after or as long as a pattern is not matched based on negate.
# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
#multiline.match: after
#============================= Filebeat modules ===============================
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: false
# Period on which files under path should be checked for changes
#reload.period: 10s
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false
setup.template.name: "own*"
setup.template.pattern: "own*"
#================================ General =====================================
# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:
# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]
# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging
#============================== Dashboards =====================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here, or by using the `-setup` CLI flag or the `setup` command.
#setup.dashboards.enabled: false
# The URL from where to download the dashboards archive. By default this URL
# has a value which is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:
#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
host: "192.168.32.137:5601"
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
#host: "localhost:5601"
#============================= Elastic Cloud ==================================
# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:
#================================ Outputs =====================================
# Configure what output to use when sending the data collected by the beat.
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
# hosts: ["localhost:9200"]
hosts: ["192.168.32.137:9200","192.168.32.138:9200","192.168.32.134:9200"]
index: "own"
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
#================================ Logging =====================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]
#============================== Xpack Monitoring ===============================
# filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.
# Set to true to enable the monitoring reporter.
#xpack.monitoring.enabled: false
# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well. Any setting that is not set is
# automatically inherited from the Elasticsearch output configuration, so if you
# have the Elasticsearch output configured, you can simply uncomment the
# following line.
#xpack.monitoring.elasticsearch:
来源:https://elasticsearch.cn/question/3369
filebeat Template 报错(安装的时候遇到错误了用这个方法解决的)相关推荐
- app中使用企业微信sdk分享小程序报错:小程序路径错误,加载超时 解决办法。
问题描述: 在app中,需要调用企业微信skd,分享小程序给客户,客户打开小程序. 如果客户直接是企业微信中的,可以在企业微信中打开小程序. 但是,如果客户是微信中,用户在微信中打开小程序就报错. i ...
- linux的c文件报错for,linux c 编译错误 conflicting types for 的解决办法
程序在Windows下运行是OK的,但是放在linux系统gcc编译就会报错. 报错如下: tongxunlu.c:6:1: error: unknown type name 'linkman' li ...
- Python使用pip安装报错ModuleNotFoundError: No module named ‘pip._internal.cli.main‘的解决方法
Python使用pip安装报错ModuleNotFoundError: No module named 'pip._internal.cli.main'的解决方法 大家好,我叫亓官劼(qí guā ...
- 安装 SQL Sever 2000至最后步骤报错“安装程序配置服务器失败。 参考服务器错误日志和 C: \Windows\sqltsp.log 了解更多信息”
在安装 SQL Sever 2000至最后步骤报错"安装程序配置服务器失败. 参考服务器错误日志和 C: \Windows\sqltsp.log 了解更多信息" ,如 图: 解决方 ...
- uniapp热更新报错安装失败[-1201]:WGT/WGTU文件格式错误?
记录一下折磨了两天的uniapp热更新报错安装失败[-1201]:WGT/WGTU文件格式错误 1.报错原因是因为下载路径/下载文件错了,我的服务器上映射的下载地址访问后打开一个网页(图1),需要进去 ...
- 安装kvm虚拟机报错,could not open disk ,imagePermission denied的解决
安装kvm虚拟机报错,could not open disk ,imagePermission denied的解决 某次使用virt-install 命令安装虚拟 ...
- node-sass模块报错安装不上?试试这个方法,亲测有效
node-sass 模块报错.老是安装不上? Syntax Error: Error: Missing binding D:\code\xxxx\node_modules\node-sass\vend ...
- linux安装xfce4,安装 xfce4 报错 - 安装 xfce4 报错 _Linux教程_Linux公社-Linux系统门户网站...
安装 xfce4 报错 安装 xfce4 报错 [日期:2007-09-08] 来源:Linux公社 作者:Linuxidc [字体:大 中 小] 前面所有的安装验证均已通过,安装到23%左右会抛出一 ...
- java安装报错循环冗余检查_SQLSERVER2012备份日志报错:”读取失败: 23(数据错误(循环冗余检查)。)”...
SQLSERVER2012备份日志报错:"读取失败: 23(数据错误(循环冗余检查).)" 问题: SQLSERVER2012数据库,8月6日的LOG自动备份出现问题,之前备份一直 ...
最新文章
- poj2411 Mondriaan's Dream (状压dp+多米诺骨牌问题)
- python管理数据库设计_Pycharm+Django+Python+MySQL开发 后台管理数据库
- 计算机网络的构成教学反思,《计算机网络知识》教学反思.doc
- uva 133解题报告
- ARMA模型的性质之ARMA模型
- 系统500报警 php_Zabbix3.4 部署、监测及邮件报警
- 计算机二级access考试是不是操作题必须到36分?,2016年计算机二级access考试题库...
- 火爆GitHub:100天搞定机器学习编程(超赞信息图+代码+数据集)
- 完整java开发中JDBC连接数据库代码和步骤[申明:来源于网络]
- 第二课:电场与偶极子
- android 串口调试助手源码,android 串口调试工具源码
- 区块链与商业银行中的区块链运用
- OpenSSL源码下载及编译
- day21 Excel基本操作
- 英文版sketch如何转为中文版?sketch英文转为中文教程!
- 大数据揭秘诺奖评选“潜规则”
- C语言笔记(1.2版本,目前22000字)----未完待续
- linux tar的排除,Tar命令排除指定目录(常用Linux命令整理)
- 常见系统问题及其解决方法
- B.FRIENDit壁虎忍者办公静音巧克力有线键盘的特色有哪些呢?
热门文章
- C语言求最大公约数3种方法
- c++11中static类对象构造函数线程安全
- linux制作openssl rpm,CentOS 7 定制 OpenSSL RPM 包
- jquery.query-*.js 操作url
- 为10号部门的员工涨工资
- 编译opencv4.2时出现undefined reference to `jpeg_default_qtables‘错误的解决方案
- Find First and Last Position of Element in Sorted Array
- 类模板实现基于数组的栈
- source tree常用功能
- 二叉搜索树与双向链表