Logstash配置错误

我是新来的ELK堆栈。希望使用从filebeat到logstash的管道推送数据，这将推动数据的弹性。我的配置如下：Logstash配置错误

input { 
beats { 
    port => "5043" 
    } 
} 

filter { 
    grok { 
match => { "message" => "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:var0}%{SPACE}%{NOTSPACE}%{SPACE}(?<searchinfo>[^#]*)#(?<username>[^#]*)#(?<searchQuery>[^#]*)#(?<latitude>[^#]*)#(?<longitude>[^#]*)#(?<client_ip>[^#]*)#(?<responseTime>[^#]*)" } 
    } 
} 


output { 
    stdout { codec => rubydebug } 
     elasticsearch { 
      index => "logstash_logs" 
      document_type => "logs" 
      hosts => [ "localhost:9200" ] 
}

问题是当我做bin/logstash -f first-pipeline.conf --config.test_and_exit。它给我一个错误，说明：

17:55:37.691 [LogStash::Runner] FATAL logstash.runner - The given configuration is invalid. Reason: Expected one of #, if, ", ', } at line 22, column 1 (byte 487) after output { 
stdout { codec => rubydebug } 
    elasticsearch { 
     index => "logstash_logs" 
     document_type => "logs" 
     hosts => [ "localhost:9200" ] 
}

任何人都可以指出我哪里错了？

来源

2017-08-29 iam.Carrot

你缺少一个右大括号在elasticsearch输出

output { 
    stdout { codec => rubydebug } 
    elasticsearch { 
    index => "logstash_logs" 
    document_type => "logs" 
    hosts => [ "localhost:9200" ] 
    }  <--- this is missing 
}

来源

2017-08-29 12:08:03 Val

洛尔这一定是最愚蠢的事。我不相信我错过了它。谢谢。它现在有效。 –

有时候，它恰好在你面前:-)现在很高兴 – Val

Logstash配置错误

回答

相关问题