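I'm having trouble importing a CSV file into my Elasticsearch instance using Logstash. I'm using a preconfigured Docker ELK stack.
When I run the command, I get the following error: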
D:\data_sets\logstac config>docker cp CVEimport.conf 80:/
D:\data_sets\logstac config>docker exec -it 80 /bin/bash
bash-4.2$ logstash -f /CVEimport.conf --path.data ./storage/
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-9.2.9.0.jar) to method sun.nio.ch.NativeThread.signal(long)
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2020-04-03T12:35:08,901][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-04-03T12:35:08,921][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.6.0"}
[2020-04-03T12:35:10,957][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
[2020-04-03T12:35:12,083][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
[2020-04-03T12:35:12,333][INFO ][logstash.licensechecker.licensereader] ES Output version determined {:es_version=>7}
[2020-04-03T12:35:12,349][WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2020-04-03T12:35:13,001][INFO ][logstash.monitoring.internalpipelinesource] Monitoring License OK
[2020-04-03T12:35:13,007][INFO ][logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
[2020-04-03T12:35:15,226][INFO ][org.reflections.Reflections] Reflections took 187 ms to scan 1 urls, producing 20 keys and 40 values
[2020-04-03T12:35:16,318][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@127.0.0.1:9200/]}}
[2020-04-03T12:35:16,375][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@127.0.0.1:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@127.0.0.1:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
It then keeps trying to reconnect.
My config file is:
input {
  file {
    path => ["/CVEDB1.csv"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  csv {
    columns => ["Name","Status","Description","References","Phase","Votes","Comments"]
    separator => ","
  }
}
output {
  elasticsearch {
    hosts => "http://127.0.0.1:9200"
    index => "cve"
    user => "elastic"
    password => "changeme"
  }
  stdout{}
}
Any information would be helpful, as I'm brand new to the ELK stack.
Are you running the Elasticsearch REST service?
# are we green?
curl http://localhost:9200/_cluster/health?pretty
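If you want to test Logstash on its own, you can send the output to the console
# output to console
output {
  stdout { codec => rubydebug }
}
Note: as long as you have not secured your Elasticsearch cluster, you don't need a username and password.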
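A log check for the output quoted in the question, as an added example that is not part of the original question or answer: it reports which Elasticsearch endpoint each Logstash component found reachable and flags unreachable loopback addresses, which inside a container refer to the container itself. The function names are this example's own, and the embedded sample is three lines copied from the question's log.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: three lines copied from the Logstash output quoted in the question.
SAMPLE_LOG = r'''[2020-04-03T12:35:12,083][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
[2020-04-03T12:35:16,318][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@127.0.0.1:9200/]}}
[2020-04-03T12:35:16,375][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@127.0.0.1:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@127.0.0.1:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
'''

# [timestamp][LEVEL ][logger][optional pipeline id] message
LINE_RE = re.compile(r'^\[[^\]]+\]\[\w+\s*\]\[(?P<logger>[^\]\s]+)\s*\](?:\[\w+\])?\s+(?P<msg>.*)$')
URL_RE = re.compile(r':url=>"([^"]+)"')
STATES = {
    "Restored connection to ES instance": "reachable",
    "Attempted to resurrect connection to dead ES instance": "unreachable",
}

def connection_states(log_text):
    """Map (logger, host:port) to the last connection state Logstash reported."""
    states = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        url = URL_RE.search(line)
        if not (m and url):
            continue
        p = urlsplit(url.group(1))  # hostname/port only, embedded credentials dropped
        for phrase, state in STATES.items():
            if m["msg"].startswith(phrase):
                states[(m["logger"], f"{p.hostname}:{p.port}")] = state
    return states

def is_loopback(host):
    """True for localhost and loopback IP literals."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a name such as a Docker service name, not an IP literal

def loopback_failures(states):
    """Unreachable endpoints on loopback, i.e. pointing at the Logstash container itself."""
    return sorted(ep for (_, ep), st in states.items()
                  if st == "unreachable" and is_loopback(ep.rsplit(":", 1)[0]))

if __name__ == "__main__":
    found = connection_states(SAMPLE_LOG)
    print(found, loopback_failures(found))
```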