在弹性搜索和 Kibana 启用安全性时无法启动 logstash
Can't not start logstash when enable security At elastic search and Kibana
我正在尝试使用 ELK 的安全功能。我的弹性版本是 7.5.1
我的文件配置有问题。我无法启动 logstash
1.First,我通过添加 xpack.security.enabled: true
在 elasticsearch.yml 中启用安全性
2.Second,在 kibana.yml 我编辑 elasticsearch.username = "elasctic" 并且 elasticsearch.password 是我的设置密码
我启动服务 elasticsearch 和 kibana。
还在这里一切都好
3.Then 我 运行 我的 logstash 和下面的 conf:
input {
file {
path => ["/etc/logstash/handleexception1.txt"]
type => "_doc"
start_position => beginning
}
}
filter {
dissect {
mapping => {
"message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
}
}
}
output {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
其实我都试过了
input {
elasticsearch{
file {
path => ["/etc/logstash/handleexception1.txt"]
type => "_doc"
start_position => beginning
}
user => "elastic"
password => "elastic"
}
}
filter {
elasticsearch{
dissect {
mapping => {
"message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
}
}
user => "elastic"
password => "elastic"
}
}
output {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
这是我尝试启动时的屏幕logtash.service
感谢阅读,希望您能提出我的问题。
您的第 3 点配置应该可以正常工作,您只需要为索引创建进行一项更改,更新输出:
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
}
我正在尝试使用 ELK 的安全功能。我的弹性版本是 7.5.1
我的文件配置有问题。我无法启动 logstash
1.First,我通过添加 xpack.security.enabled: true
elasticsearch.yml 中启用安全性
2.Second,在 kibana.yml 我编辑 elasticsearch.username = "elasctic" 并且 elasticsearch.password 是我的设置密码
我启动服务 elasticsearch 和 kibana。 还在这里一切都好
3.Then 我 运行 我的 logstash 和下面的 conf:
input {
file {
path => ["/etc/logstash/handleexception1.txt"]
type => "_doc"
start_position => beginning
}
}
filter {
dissect {
mapping => {
"message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
}
}
}
output {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
其实我都试过了
input {
elasticsearch{
file {
path => ["/etc/logstash/handleexception1.txt"]
type => "_doc"
start_position => beginning
}
user => "elastic"
password => "elastic"
}
}
filter {
elasticsearch{
dissect {
mapping => {
"message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
}
}
user => "elastic"
password => "elastic"
}
}
output {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
这是我尝试启动时的屏幕logtash.service
感谢阅读,希望您能提出我的问题。
您的第 3 点配置应该可以正常工作,您只需要为索引创建进行一项更改,更新输出:
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
}