设置 ELK。我试图确保一切都刚刚开始(稍后我将添加 Filebeat)。看起来我做的一切都是正确的,但是当我启动 Logstash 时,它崩溃并出现错误:
logstash-1 | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
logstash-1 | [2023-12-09T21:12:57,201][INFO ][logstash.runner ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
logstash-1 | [2023-12-09T21:12:57,231][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"8.10.2", "jruby.version"=>"jruby 9.4.2.0 (3.1.0) 2023-03-08 90d2913fda OpenJDK 64-Bit Server VM 17.0.8+7 on 17.0.8+7 +indy +jit [x86_64-linux]"}
logstash-1 | [2023-12-09T21:12:57,238][INFO ][logstash.runner ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -Djava.a
wt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/uran
dom, -Dlog4j2.isThreadContextMapInheritable=true, -Dls.cgroup.cpuacct.path.override=/, -Dls.cgroup.cpu.path.override=/, -Xmx256m, -Xms256m, -Djr
uby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.c
ompiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.
sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAM
ED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
logstash-1 | [2023-12-09T21:12:57,276][INFO ][logstash.settings ] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
logstash-1 | [2023-12-09T21:12:57,282][INFO ][logstash.settings ] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
logstash-1 | [2023-12-09T21:12:57,828][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"d638b99d-5934-454f-bf51-953f2522bbe8", :path=>"/usr/share/logstash/data/uuid"}
logstash-1 | [2023-12-09T21:12:59,026][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::P
ipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \\t\\r\\n], \"#\", \"input\", \
"filter\", \"output\" at line 1, column 1 (byte 1)", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imp
erative'", "org/logstash/execution/AbstractPipelineExt.java:239:in `initialize'", "org/logstash/execution/AbstractPipelineExt.java:173:in `initi
alize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48:in `initialize'", "org/jruby/RubyClass.java:931:in `new'", "/usr/sh
are/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:49:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:386:in `block in converge_state'"]}
logstash-1 | [2023-12-09T21:12:59,103][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
logstash-1 | [2023-12-09T21:12:59,124][INFO ][logstash.runner ] Logstash shut down.
logstash-1 | [2023-12-09T21:12:59,137][FATAL][org.logstash.Logstash ] Logstash stopped processing because of an error: (SystemExit) exit
logstash-1 | org.jruby.exceptions.SystemExit: (SystemExit) exit
logstash-1 | at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:795) ~[jruby.jar:?]
logstash-1 | at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:758) ~[jruby.jar:?]
logstash-1 | at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:90) ~[?:?]
logstash-1 exited with code 1
但我不明白为什么。做过logstash.conf:
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
}
}
和logstash.yml:
pipeline.batch.size: 125
pipeline.batch.delay: 50
xpack.monitoring.enabled: false
docker-compose.yml看起来像这样:
version: "3"
services:
app:
build: .
ports:
- "8080:80"
networks:
- main
logstash:
image: logstash:8.10.2
labels:
co.elastic.logs/enabled: "false"
ports:
- "5044:5044"
environment:
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
volumes:
- ./Configs/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
- ./Configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro,Z
depends_on:
- app
networks:
- main
elasticsearch:
image: elasticsearch:8.10.2
labels:
co.elastic.logs/enabled: "false"
ports:
- "9200:9200"
- "9300:9300"
environment:
- xpack.security.enabled=false
- discovery.type=single-node
- bootstrap.memory_lock=true
- ES_JAVA_OPTS=-Xms512m -Xmx512m
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 32767
hard: 32767
cap_add:
- IPC_LOCK
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
depends_on:
- logstash
networks:
- main
kibana:
image: kibana:8.10.2
labels:
co.elastic.logs/enabled: "false"
environment:
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
ports:
- "5601:5601"
depends_on:
- elasticsearch
networks:
- main
volumes:
elasticsearch-data:
networks:
main:
该错误表明logstash 配置中存在不正确的符号。我查看了 Docker,配置如下所示:
有某种红点。也许没有办法添加呢?这可能是问题所在吗?
我不知道这是如何发生的或为什么发生,但是当我创建logstesh配置文件时,我在rider中做了它。他用编码创建文件
UTF-8 with BOM并添加了一个不可见的字符。我下载了 Notepad++ 并将编码更改为UTF-8,一切正常。