Logstash-弹性搜索

Logstash-Elastic search

我在尝试将 Logstash 与 Elasticsearch 连接时遇到以下错误

        **log4j, [2015-01-17T17:19:00.559]  WARN: org.elasticsearch.discovery: [logstash-ip-10-181-166-160-1026-2020] waited for 30s and no initial state was set by the discovery**

logstash.conf

input {
      lumberjack {
        port => 5000
        type => "logs"
        ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
        ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

    }

    }

    filter {
    grok { match => [ "message", "%{TIME:log_time}\|%{WORD:Message_type}\|%{GREEDYDATA:Component}\|%{NUMBER:line_number}\| %{GREEDYDATA:log_message}"]
             match => [ "path" , "%{GREEDYDATA}/%{GREEDYDATA:loccode}/%{GREEDYDATA:_machine}\:%{DATE:logdate}.log"]
             break_on_match => false
    }

    stdout { codec => rubydebug }
    elasticsearch{
            embedded => false
            host => "localhost"
            #host => "http://xxx.xxx.xxx:9200"
            port => "9300"
            cluster=>"Elasticsearch-Logstash"
            manage_template=> false
            index=>"doppleml-%{loccode}-%{+YYYY.MM.dd}"
            #template=>"/home/hduser/elasticsearch/logstash-1.4.2/doppleML_template.json"
            #template=>"/home/ubuntu/elkproject/logstash-1.4.2/doppleML_template.json"

         }

    }

Elasticsearch.yml:

  network.host: localhost
    cluster.name: Elasticsearch-Logstash

我是否需要对 logstash 或 Elasticsearch 配置文件进行任何更改?

如果您没有设置协议,它可能默认为 "http",但您直接将端口设置为“9300”,这是行不通的。我要么将协议设置为 "http" 并将端口设置为“9200”,要么将协议设置为 "node" 或 "transport" 并将端口设置为“9300”。

该文档页面对 setting/debugging logstash 和 elasticsearch 的输出设置很有帮助:

http://logstash.net/docs/1.4.2/outputs/elasticsearch