0
這是用於匹配elasticsearch5.1.1緩慢日誌的logstash5.1.1配置文件內容。將elasticsearch5.1.1 slowlog發送到logstash 5.1.1作爲輸入
input {
file {
path => "C:\Users\571952\Downloads\elasticsearch-5.1.1\elasticsearch-5.1.1\logs\elasticsearch_index_search_slowlog"
start_position => "beginning"
}
}
filter {
grok { # parses the common bits
match => [ "message", "[%{TIMESTAMP_ISO8601:logtime}][%{LOGLEVEL:log_level}]
[%{DATA:es_slowquery_type}]\s*[%{DATA:es_host}]\s*[%{DATA:es_index}]\s*[%{DATA:es_shard}]\s*took[%{DATA:es_duration}],\s*took_millis[%{DATA:es_duration_ms:float}],\s*types[%{DATA:es_types}],\s*stats[%{DATA:es_stats}],\s*search_type[%{DATA:es_search_type}],\s*total_shards[%{DATA:es_total_shards:float}],\s*source[%{GREEDYDATA:es_source}],\s*extra_source[%{GREEDYDATA:es_extra_source}],"]
}
mutate {
gsub => [
"source_body", "], extra_source[$", ""
]
}
}
output {
file {
path => "C:\Users\571952\Desktop\logstash-5.1.1\just_queries"
codec => "json_lines"
message_format => "%{source_body}"
}
}
,當我在logstash 5.1.1執行此我有這樣的錯誤
[2017-01-03T11:45:20,419][FATAL][logstash.runner ] The given configuration is in
valid. Reason: The setting `message_format` in plugin `file` is obsolete and is no longer
available. You can achieve the same behavior with the 'line' codec If you have any quest
ions about this, you are invited to visit https://discuss.elastic.co/c/logstash and ask.
誰能幫我解決這個問題?