2015-12-22
1

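Why does docker filebeat exit with code 0?

I am using docker-elk from GitHub and running the docker-elk containers. My logs are displayed in Kibana. Now I want to use Filebeat instead of logstash-forwarder in docker-elk. For that, I took elastic/beats from GitHub and built a Docker image, which is now included in my docker-compose.yml. Now when I run the containers, Logstash runs and Elasticsearch runs, but Filebeat exits with code 0.

This is my docker-compose.yml: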

elasticsearch: 
    image: elasticsearch:latest 
    command: elasticsearch -Des.network.host=0.0.0.0 
    ports: 
    - "9200:9200" 
logstash: 
    image: logstash:2.0 
    command: logstash agent --config /etc/logstash/conf.d/ -l /var/log/logstash/logstash.log --debug 
    volumes: 
    - ./logstash/config:/etc/logstash/conf.d 
    - ./logstash/patterns/nginx:/etc/logstash/patterns/nginx 

    ports: 
    - "5000:5000" 
    links: 
    - elasticsearch 
kibana: 
    build: kibana/ 
    volumes: 
    - ./kibana/config/kibana.yml:/opt/kibana/config/kibana.yml 
    ports: 
    - "5601:5601" 
    links: 
    - elasticsearch 
beats: 
    image: pavankuamr/beats 

    volumes: 
    - ./logstash/beats:/etc/filebeat 
    - /var/log/nginx:/var/log/nginx 
    links: 
    - logstash 
    - elasticsearch 
    environment: 
    - ES_HOST=elasticsearch 
    - LS_HOST=logstash 
    - LS_TCP_PORT=5044 

This is my filebeat.yml:

filebeat:
    prospectors:
     paths:
     - /var/log/nginx/access.log
     input_type: log

    registry_file: /var/lib/filebeat/registry
    config_dir: /etc/filebeat/conf.d

    elasticsearch:
    enabled: false
    hosts: ["localhost:9200"]

    logstash:
    # The Logstash hosts
    enabled: true
    hosts: ["localhost:5044"]

This is my logstash.conf:

input {
    beats {
        port => 5044
        type => "logs"
    }
    file {
        type => "nginx"
        start_position => "beginning"
        path => [ "/var/log/nginx/access.log" ]
    }
    file {
        type => "nginxerror"
        start_position => "beginning"
        path => [ "/var/log/nginx/error.log" ]
    }
}
filter {
    if [type] == "nginx" {
        grok {
            patterns_dir => "/etc/logstash/patterns"
            match => { "message" => "%{NGINX_ACCESS}" }
            remove_tag => ["_grokparsefailure"]
            add_tag => ["nginx_access"]
        }

        geoip {
            source => "remote_addr"
        }
    }

    if [type] == "nginxerror" {
        grok {
            patterns_dir => "/etc/logstash/patterns"
            match => { "message" => "%{NGINX_ERROR}" }
            remove_tag => ["_grokparsefailure"]
            add_tag => ["nginx_error"]
        }
    }
}

output {
    elasticsearch {
        hosts => "elasticsearch:9200"
        sniffing => true
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
    }
}
+0

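First, the elasticsearch output config had the "enabled" option removed as of the latest release, so remove it completely. Could it be that the log file does not exist when Filebeat starts? There is currently an issue if no log file to crawl exists. – ruflin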

Answer

0

Change hosts: ["localhost:9200"] to hosts: ["logstash:9200"] on the logstash output in filebeat.yml
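An added example, not part of the original question or answer: a small Python check for the situation in this thread, where a Filebeat container's Logstash output names a host that the shipper container cannot use to reach Logstash. It assumes the linked service names from the docker-compose.yml above and the beats input port from logstash.conf; the function names and finding codes are hypothetical.

```python
import ipaddress

# Values taken from the docker-compose.yml and logstash.conf in the question.
LINKED_SERVICES = {"logstash", "elasticsearch"}   # "links:" of the beats service
BEATS_INPUT_PORT = 5044                           # "port =>" of the beats input


def is_loopback(host):
    """True if the name or address refers to the container itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False          # not an IP literal, treat as a hostname


def check_output_hosts(hosts, linked_services=LINKED_SERVICES,
                       listener_port=BEATS_INPUT_PORT):
    """Return (entry, code) findings for a Filebeat logstash 'hosts' list.

    Codes: malformed, loopback, not-linked, port-mismatch.
    An empty list means every entry names a linked service on the
    port where the beats input listens.
    """
    findings = []
    for entry in hosts:
        host, _, port = entry.rpartition(":")
        host = host.strip("[]")               # allow bracketed IPv6 literals
        if not host or not port.isdigit():
            findings.append((entry, "malformed"))
            continue
        if is_loopback(host):
            # Inside the beats container, loopback is the beats container.
            findings.append((entry, "loopback"))
        elif host not in linked_services:
            findings.append((entry, "not-linked"))
        if int(port) != listener_port:
            findings.append((entry, "port-mismatch"))
    return findings


if __name__ == "__main__":
    for candidate in (["localhost:5044"], ["logstash:5044"]):
        print(candidate, "->", check_output_hosts(candidate) or "ok")
```

A silent log shipper leaves a gap in whatever monitoring depends on those logs, so a check like this is worth running before the containers are started.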