1
我正在使用nginx模塊爲filebeats發送日誌數據到elasticsearch。這裏是我的filebeats配置:用於filebeats的Nginx模塊不分析訪問日誌
output:
logstash:
enabled: true
hosts:
- logstash:5044
timeout: 15
filebeat.modules:
- module: nginx
access:
enabled: true
var.paths: ["/var/log/nginx/access.log"]
error:
enabled: true
var.paths: ["/var/log/nginx/error.log"]
問題是日誌不被解析。這是我在Kibana看到:
{ "_index": "filebeat-2017.07.18", "_type": "log", "_id": "AV1VLXEbhj7uWd8Fgz6M", "_version": 1, "_score": null, "_source": {
"@timestamp": "2017-07-18T10:10:24.791Z",
"offset": 65136,
"@version": "1",
"beat": {
"hostname": "06d09033fb23",
"name": "06d09033fb23",
"version": "5.5.0"
},
"input_type": "log",
"host": "06d09033fb23",
"source": "/var/log/nginx/access.log",
"message": "10.15.129.226 - - [18/Jul/2017:12:10:21 +0200] \"POST /orders-service/orders/v1/sessions/update/FUEL_DISPENSER?api_key=vgxt5u24uqyyyd9gmxzpu9n7 HTTP/1.1\" 200 5 \"-\" \"Mashery Proxy\"",
"type": "log",
"tags": [
"beats_input_codec_plain_applied"
] }, "fields": {
"@timestamp": [
1500372624791
] }, "sort": [
1500372624791 ] }
我失蹤解析領域,如文檔中規定:https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-nginx.html
爲什麼日誌行不解析?在採集節點
- 映射模板
- kibana儀表盤
- 機器學習工作
- 過濾器
這裏是:
可能是這種情況,爲什麼它不起作用(https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules-overview.html): 目前,Filebeat模塊需要使用Elasticsearch攝取節點。將來,Filebeat Modules還可以將Logstash配置爲Ingest Node的一個更強大的替代方案。 –