How can I configure an index pattern?
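I have a system that uses several Docker images logging to syslog-ng.
Syslog-ng is configured to write all the streams from the other containers to files.
This part works well, and I get logs like this: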
2016-01-04T20:28:38+03:00 197.23.42.1 1 2016-01-04T14:28:38.197-03:00 adad20179cfb server-zuul - Audit - Mapped URL path [/micro-sacca-movimientos/**] onto handler of type [class org.springframework.cloud.netflix.zuul.web.ZuulController]
2016-01-04T20:30:29+03:00 197.23.42.1 1 2016-01-04T14:30:29.725-03:00 47dabf38eb34 server-zuul - Audit - Mapped URL path [/micro-sacca-movimientos/**] onto handler of type [class org.springframework.cloud.netflix.zuul.web.ZuulController]
2016-01-04T20:33:24+03:00 197.23.42.1 1 2016-01-04T14:33:24.447-03:00 47dabf38eb34 server-zuul - Audit - Flipping property: micro-sacca-movimientos.ribbon.ActiveConnectionsLimit to use NEXT property: niws.loadbalancer.availabilityFilteringRule.activeConnectionsLimit = 2147483647
2016-01-04T20:33:24+03:00 197.23.42.1 1 2016-01-04T14:33:24.455-03:00 47dabf38eb34 server-zuul - Audit - Client:micro-sacca instantiated a LoadBalancer:DynamicServerListLoadBalancer:{NFLoadBalancer:name=micro-sacca-movimientos,current list of Servers=[],Load balancer stats=Zone stats: {},Server stats: []}ServerList:null
Then I tried to configure this image:
https://hub.docker.com/r/willdurand/elk/
I mapped the log path and set this configuration for Logstash:
input {
  file {
    path => ["/var/log/syslog-ng/20160104/*.log"]
    start_position => "beginning"
  }
}
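Then I started the image and went to the Kibana 4 interface.
I tried patterns like:
YYYY.MM.DD and YYYY-MM-DD, but I was never able to create the index to start using Kibana.
What am I doing wrong with the index pattern?
Or did I misplace some Docker image configuration?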
It worked with this configuration:
input {
  file {
    type => "syslog"
    path => ["/var/log/syslog-ng/**/*.log"]
    start_position => "beginning"
  }
}
filter {
  grok {
    match => [ "message", "%{CISCOTIMESTAMP} %{IP:ip} 1 %{MCOLLECTIVEAUDIT}%{ISO8601_SECOND}%{ISO8601_TIMEZONE} %{WORD:contenedor} %{USERNAME:servicio} - Audit - %{UUID:idTx} %{WORD:codigoErr} %{GREEDYDATA:data}"]
  }
}
output {
  elasticsearch {
    host => "127.0.0.1"
    cluster => "logstash"
  }
}
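Added example, not part of the original post or of the willdurand/elk image: a Python sketch that parses audit lines in the layout shown in the question and derives the daily index that the Logstash elasticsearch output writes to by default (`logstash-%{+YYYY.MM.dd}`, dated in UTC), then checks which Kibana-style index patterns match that name. It assumes the second timestamp in each line is the event time; the function names and the second sample line are constructed.

```python
import re
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Constructed sample lines in the layout shown in the question
# (the second one is made up so that it lands after midnight UTC).
SAMPLE = [
    "2016-01-04T20:28:38+03:00 197.23.42.1 1 2016-01-04T14:28:38.197-03:00 "
    "adad20179cfb server-zuul - Audit - Mapped URL path [/micro-sacca-movimientos/**]",
    "2016-01-05T03:30:29+03:00 197.23.42.1 1 2016-01-04T21:30:29.725-03:00 "
    "47dabf38eb34 server-zuul - Audit - Flipping property",
]

# received time, sender IP, a numeric field, application time, container id, service, message
LINE_RE = re.compile(
    r"^(?P<received>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \d+ (?P<timestamp>\S+) "
    r"(?P<contenedor>[0-9a-f]{12}) (?P<servicio>[\w.-]+) - Audit - (?P<data>.*)$"
)

def parse_line(line):
    """Return the fields of one line, or None when it does not fit the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    try:
        # Assumption: the second timestamp is the event time.
        event["timestamp"] = datetime.fromisoformat(event["timestamp"])
    except ValueError:
        return None
    return event

def daily_index(event, prefix="logstash-"):
    """Index name under Logstash's default logstash-%{+YYYY.MM.dd}, dated in UTC."""
    return prefix + event["timestamp"].astimezone(timezone.utc).strftime("%Y.%m.%d")

def pattern_matches(pattern, index):
    """Wildcard match of a Kibana-style index pattern against an index name."""
    return fnmatchcase(index, pattern)

if __name__ == "__main__":
    for line in SAMPLE:
        index = daily_index(parse_line(line))
        for pattern in ("logstash-*", "YYYY.MM.DD", "YYYY-MM-DD"):
            print(index, pattern, pattern_matches(pattern, index))
```

The second sample line is dated 2016-01-04 in local time but falls into `logstash-2016.01.05`, because the index date is computed in UTC.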