2013-06-21 62 views
3

logstash org.elasticsearch.discovery.MasterNotDiscoveredException error

I have installed logstash 1.1.13 with elasticsearch-0.20.6, using the configuration below as logstash.conf

input {
    tcp {
        port => 524
        type => rsyslog
    }
    udp {
        port => 524
        type => rsyslog
    }
}
filter {
    grok {
        type => "rsyslog"
        pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
        add_field => [ "received_at", "%{@timestamp}" ]
        add_field => [ "received_from", "%{@source_host}" ]
    }
    syslog_pri {
        type => "rsyslog"
    }
    date {
        type => "rsyslog"
        syslog_timestamp => [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
    mutate {
        type => "rsyslog"
        exclude_tags => "_grokparsefailure"
        replace => [ "@source_host", "%{syslog_hostname}" ]
        replace => [ "@message", "%{syslog_message}" ]
    }
    mutate {
        type => "rsyslog"
        remove => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
    }
}

output {
    elasticsearch {
        host => "127.0.0.1"
        port => 9300
        node_name => "sysloG33r-1"
        bind_host => "localhost"
    }
}

elasticsearch.yml (the two `path:` keys are merged into one mapping here; a duplicated top-level YAML key would otherwise let the second one override the first)

cluster:
    name: syslogcluster
node:
    name: "sysloG33r-1"
path:
    data: /var/lib/elasticsearch
    logs: /var/log/elasticsearch
network:
    host: "0.0.0.0"

and started logstash with the command

[<user>@<host> elasticsearch]# java -jar /usr/local/bin/logstash/bin/logstash.jar agent -f /etc/logstash/logstash.conf
Using experimental plugin 'syslog_pri'. This plugin is untested and may change in the future. For more information about plugin statuses, see http://logstash.net/docs/1.1.13/plugin-status {:level=>:warn} 
date: You used a deprecated setting 'syslog_timestamp => ["MMM d HH:mm:ss", "MMM dd HH:mm:ss"]'. You should use 'match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]' {:level=>:warn} 
PORT SETTINGS 127.0.0.1:9300 
log4j, [2013-06-21T14:40:08.013] WARN: org.elasticsearch.discovery: [sysloG33r-1] waited for 30s and no initial state was set by the discovery 
Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], :event=>{"@source"=>"tcp://10.66.59.35:34662/", "@tags"=>[], "@fields"=>{"syslog_pri"=>["78"], "syslog_program"=>["crond"], "syslog_pid"=>["6511"], "received_at"=>["2013-06-21T13:40:01.845Z"], "received_from"=>["10.66.59.35"], "syslog_severity_code"=>6, "syslog_facility_code"=>9, "syslog_facility"=>"clock", "syslog_severity"=>"informational"}, "@timestamp"=>"2013-06-21T12:40:01.000Z", "@source_host"=>"kent", "@source_path"=>"/", "@message"=>"(root) CMD (/opt/bin/firewall-state.sh)", "@type"=>"rsyslog"}, :level=>:warn} 

and elasticsearch with

/usr/local/bin/elasticsearch start 

I can see all the elasticsearch (9200, 9300) and logstash (524) ports listening

tcp  0  0 :::524                 :::*    LISTEN  12557/java
tcp  0  0 :::9200                :::*    LISTEN  10782/java
tcp  0  0 :::9300                :::*    LISTEN  10782/java
tcp  0  0 ::ffff:127.0.0.1:9301  :::*    LISTEN  12557/java
udp  0  0 :::524                 :::*            12557/java
udp  0  0 :::54328               :::*            10782/java

on the correct Java processes, but I am seeing this error from logstash. Any ideas?

Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], :event=>{"@source"=>"tcp://10.66.59.35:33598/", "@tags"=>[], "@fields"=>{"syslog_pri"=>["78"], "syslog_program"=>["crond"], "syslog_pid"=>["12983"], "received_at"=>["2013-06-21T12:07:01.541Z"], "received_from"=>["10.66.59.35"], "syslog_severity_code"=>6, "syslog_facility_code"=>9, "syslog_facility"=>"clock", "syslog_severity"=>"informational"}, "@timestamp"=>"2013-06-21T11:07:01.000Z", "@source_host"=>"kent", "@source_path"=>"/", "@message"=>"(root) CMD (/opt/bin/firewall-state.sh)", "@type"=>"rsyslog"}, :level=>:warn} 
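To show what the grok and syslog_pri filters in the config above actually do to the crond event quoted in the warning, here is a standalone Python re-implementation (added for illustration; it is not Logstash code). The grok patterns POSINT, SYSLOGTIMESTAMP, SYSLOGHOST, PROG and GREEDYDATA are approximated with plain regexes, and the example goes one step beyond the grok pattern by rejecting PRI values outside the valid 0..191 range.

```python
import re

# Regex equivalent of the page's grok pattern (approximation, not grok itself).
SYSLOG_RE = re.compile(
    r"^<(?P<syslog_pri>\d+)>"
    r"(?P<syslog_timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_hostname>[\w.:-]+) "
    r"(?P<syslog_program>[\w._/%-]+)"
    r"(?:\[(?P<syslog_pid>\d+)\])?: "
    r"(?P<syslog_message>.*)$"
)

# Labels as assigned by Logstash's syslog_pri filter (facility 9 is "clock",
# matching the event shown in the warning above).
FACILITIES = [
    "kernel", "user-level", "mail", "system", "security/authorization",
    "syslogd", "line printer", "network news", "uucp", "clock",
    "security/authorization", "ftp", "ntp", "log audit", "log alert", "clock",
] + ["local%d" % i for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning",
              "notice", "informational", "debug"]


def parse_syslog(line):
    """Return the fields the grok + syslog_pri filters would add, or the
    _grokparsefailure tag that Logstash sets when the pattern does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"tags": ["_grokparsefailure"]}
    event = m.groupdict()
    pri = int(event["syslog_pri"])
    if pri > 191:                              # extra check: valid PRI is 0..191
        return {"tags": ["_grokparsefailure"]}
    facility, severity = pri >> 3, pri & 7     # PRI = facility * 8 + severity
    event.update({
        "syslog_facility_code": facility,
        "syslog_severity_code": severity,
        "syslog_facility": FACILITIES[facility],
        "syslog_severity": SEVERITIES[severity],
        "tags": [],
    })
    return event


# Constructed sample: the crond line behind the event quoted in the warning above.
SAMPLE = "<78>Jun 21 13:40:01 kent crond[6511]: (root) CMD (/opt/bin/firewall-state.sh)"

if __name__ == "__main__":
    for key, value in sorted(parse_syslog(SAMPLE).items()):
        print("%s: %r" % (key, value))
```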
+0

Not sure if I'm missing something - ES exposes HTTP endpoints, but your mapping seems to be using TCP on 9200, 9300? –

+0

Can you make your logstash config go to the default ES port? I have a config very similar to yours and I do not explicitly assign the port. – Adam

Answers

8

I am going to assume you have already checked the obvious things, like "Is ElasticSearch running?" and "Can I open a TCP connection to port 9300 on localhost?"

Even though you are using the host parameter in the elasticsearch output, what is probably happening is that the ElasticSearch client inside Logstash is trying to discover cluster members via multicast (which is how a fresh installation is usually configured by default) and failing. This is common on EC2 and in many other environments where firewall configuration can interfere with multicast discovery. If this is the only member of the cluster, setting the following in your elasticsearch.yml should do the trick:

discovery:
    zen:
        ping:
            multicast:
                enabled: false
            unicast:
                hosts: <your_ip>[9300-9400]

On AWS there is also an EC2 discovery plugin that will sort this out for you.

By the way, this question really belongs on Server Fault rather than Stack Overflow.

+0

I have made these changes to my elasticsearch.yml file: 'discovery.zen.ping.multicast.enabled: false discovery.zen.ping.unicast.hosts: ["127.0.0.1"]' but I still see this message: 'Exception in thread "elasticsearch[Proudstar, John][generic][T#5]" org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [30s]'. I would like to clean up the warnings and errors as I try to work toward a stable logstash instance. Should I be concerned about these warnings? Can I clean them up? – harperville

1

I had a similar problem, and it came from my IP configuration. In short, check that you have only one IP address on the logstash host. If not, it can pick the wrong one.

Posted the same answer here: Logstash with Elasticsearch

0

I ran into the same kind of problem and fixed it by adding the cluster option to the elasticsearch output in the logstash config. Since you have changed the cluster name in elasticsearch.yml, the logstash client cannot find the cluster using the default value.

Try doing this, which also