1
我正在使用nginx模块为filebeats发送日志数据到elasticsearch。这里是我的filebeats配置:用于filebeats的Nginx模块不分析访问日志
output:
logstash:
enabled: true
hosts:
- logstash:5044
timeout: 15
filebeat.modules:
- module: nginx
access:
enabled: true
var.paths: ["/var/log/nginx/access.log"]
error:
enabled: true
var.paths: ["/var/log/nginx/error.log"]
问题是日志不被解析。这是我在Kibana看到:
{ "_index": "filebeat-2017.07.18", "_type": "log", "_id": "AV1VLXEbhj7uWd8Fgz6M", "_version": 1, "_score": null, "_source": {
"@timestamp": "2017-07-18T10:10:24.791Z",
"offset": 65136,
"@version": "1",
"beat": {
"hostname": "06d09033fb23",
"name": "06d09033fb23",
"version": "5.5.0"
},
"input_type": "log",
"host": "06d09033fb23",
"source": "/var/log/nginx/access.log",
"message": "10.15.129.226 - - [18/Jul/2017:12:10:21 +0200] \"POST /orders-service/orders/v1/sessions/update/FUEL_DISPENSER?api_key=vgxt5u24uqyyyd9gmxzpu9n7 HTTP/1.1\" 200 5 \"-\" \"Mashery Proxy\"",
"type": "log",
"tags": [
"beats_input_codec_plain_applied"
] }, "fields": {
"@timestamp": [
1500372624791
] }, "sort": [
1500372624791 ] }
我失踪解析领域,如文档中规定:https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-nginx.html
为什么日志行不解析?在采集节点
- 映射模板
- kibana仪表盘
- 机器学习工作
- 过滤器
这里是:
可能是这种情况,为什么它不起作用(https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules-overview.html): 目前,Filebeat模块需要使用Elasticsearch摄取节点。将来,Filebeat Modules还可以将Logstash配置为Ingest Node的一个更强大的替代方案。 –