filebeat Template 报错(安装的时候遇到错误了用这个方法解决的)

filebeat安装的是 filebeat-6.4.2，因为是rpm安装的，默认的日志路径是cat /var/log/filebeat/filebeat，从这里面可以看相关的配置错误。

filebeat-6.4.2配置如下所示:

setup.template.name: "own*"
setup.template.pattern: "own*"

我用 filebeat 推送日志到 es，然后自己写了一个 module，可以正常解析日志。我在 filebeat.yml 里配置了两个 index

output.elasticsearch:# Array of hosts to connect to.hosts: ["localhost:9200"]index: "nginx-%{[beat.version]}-%{+yyyy.MM.dd}"indices:- index: "ro-%{[beat.version]}-%{+yyyy.MM.dd}"when.contains:source: "ro"

然后，我把对应的解析放到了 fields.yml 里面，并在filebeat.yml 配置了两个，我不知道 index 怎么跟
template 做匹配

setup.template.name: "nginx"
#setup.template.fields: "${path.config}/fields.yml"
setup.template.overwrite: false
setup.template.pattern: "nginx-*"setup.template.name: "ro"
setup.template.pattern: "ro*"

这样启动以后，日志可以正常推送，也能看到两个 index，但是 ro 的日志字段跟我写类型不符，全是 string。另外日志会报错

2018-01-17T17:02:34+08:00 INFO Connected to Elasticsearch version 6.1.1
2018-01-17T17:02:34+08:00 INFO Template already exists and will not be overwritten.
2018-01-17T17:02:35+08:00 ERR  Failed to publish events: temporary bulk send failure

filebeat.yml相关的配置如下所示:

###################### Filebeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html

# For more available modules and options, please see the filebeat.reference.yml sample
# configuration file.

#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

# Change to true to enable this input configuration.
enabled: true

# Paths that should be crawled and fetched. Glob based paths.
paths:
- /home/wwwlogs/*.log
#- c:\programdata\elasticsearch\logs\*

# Exclude lines. A list of regular expressions to match. It drops the lines that are
# matching any regular expression from the list.
#exclude_lines: ['^DBG']

# Include lines. A list of regular expressions to match. It exports the lines that are
# matching any regular expression from the list.
#include_lines: ['^ERR', '^WARN']

# Exclude files. A list of regular expressions to match. Filebeat drops the files that
# are matching any regular expression from the list. By default, no files are dropped.
#exclude_files: ['.gz$']

# Optional additional fields. These fields can be freely picked
# to add additional information to the crawled log files for filtering
#fields:
# level: debug
# review: 1

### Multiline options

# Multiline can be used for log messages spanning multiple lines. This is common
# for Java Stack Traces or C-Line Continuation

# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
#multiline.pattern: ^\[

# Defines if the pattern set under pattern should be negated or not. Default is false.
#multiline.negate: false

# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
# that was (not) matched before or after or as long as a pattern is not matched based on negate.
# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
#multiline.match: after

#============================= Filebeat modules ===============================

filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml

# Set to true to enable config reloading
reload.enabled: false

# Period on which files under path should be checked for changes
#reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false

setup.template.name: "own*"
setup.template.pattern: "own*"
#================================ General =====================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging

#============================== Dashboards =====================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here, or by using the `-setup` CLI flag or the `setup` command.
#setup.dashboards.enabled: false

# The URL from where to download the dashboards archive. By default this URL
# has a value which is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

#============================== Kibana =====================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
host: "192.168.32.137:5601"

# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
#host: "localhost:5601"

#============================= Elastic Cloud ==================================

# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

#================================ Outputs =====================================

# Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
# hosts: ["localhost:9200"]
hosts: ["192.168.32.137:9200","192.168.32.138:9200","192.168.32.134:9200"]
index: "own"
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"

#----------------------------- Logstash output --------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]

# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]

#============================== Xpack Monitoring ===============================
# filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
#xpack.monitoring.enabled: false

# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well. Any setting that is not set is
# automatically inherited from the Elasticsearch output configuration, so if you
# have the Elasticsearch output configured, you can simply uncomment the
# following line.
#xpack.monitoring.elasticsearch:

来源:https://elasticsearch.cn/question/3369

filebeat Template 报错(安装的时候遇到错误了用这个方法解决的)相关推荐

app中使用企业微信sdk分享小程序报错：小程序路径错误，加载超时解决办法。
问题描述: 在app中,需要调用企业微信skd,分享小程序给客户,客户打开小程序. 如果客户直接是企业微信中的,可以在企业微信中打开小程序. 但是,如果客户是微信中,用户在微信中打开小程序就报错. i ...
linux的c文件报错for,linux c 编译错误 conflicting types for 的解决办法
程序在Windows下运行是OK的,但是放在linux系统gcc编译就会报错. 报错如下: tongxunlu.c:6:1: error: unknown type name 'linkman' li ...
Python使用pip安装报错ModuleNotFoundError: No module named ‘pip._internal.cli.main‘的解决方法
Python使用pip安装报错ModuleNotFoundError: No module named 'pip._internal.cli.main'的解决方法大家好,我叫亓官劼(qí guā ...
安装 SQL Sever 2000至最后步骤报错“安装程序配置服务器失败。参考服务器错误日志和 C: \Windows\sqltsp.log 了解更多信息”
在安装 SQL Sever 2000至最后步骤报错"安装程序配置服务器失败. 参考服务器错误日志和 C: \Windows\sqltsp.log 了解更多信息" ,如图: 解决方 ...
uniapp热更新报错安装失败[-1201]:WGT/WGTU文件格式错误？
记录一下折磨了两天的uniapp热更新报错安装失败[-1201]:WGT/WGTU文件格式错误 1.报错原因是因为下载路径/下载文件错了,我的服务器上映射的下载地址访问后打开一个网页(图1),需要进去 ...
安装kvm虚拟机报错，could not open disk ，imagePermission denied的解决
安装kvm虚拟机报错,could not open disk ,imagePermission denied的解决某次使用virt-install 命令安装虚拟 ...
node-sass模块报错安装不上？试试这个方法，亲测有效
node-sass 模块报错.老是安装不上? Syntax Error: Error: Missing binding D:\code\xxxx\node_modules\node-sass\vend ...
linux安装xfce4,安装 xfce4 报错 - 安装 xfce4 报错 _Linux教程_Linux公社-Linux系统门户网站...
安装 xfce4 报错安装 xfce4 报错 [日期:2007-09-08] 来源:Linux公社作者:Linuxidc [字体:大中小] 前面所有的安装验证均已通过,安装到23%左右会抛出一 ...
java安装报错循环冗余检查_SQLSERVER2012备份日志报错:”读取失败: 23(数据错误(循环冗余检查)。)”...
SQLSERVER2012备份日志报错:"读取失败: 23(数据错误(循环冗余检查).)" 问题: SQLSERVER2012数据库,8月6日的LOG自动备份出现问题,之前备份一直 ...

filebeat Template 报错(安装的时候遇到错误了用这个方法解决的)

filebeat Template 报错(安装的时候遇到错误了用这个方法解决的)相关推荐

最新文章

热门文章