我可以请求帮助吗?
我使用如下:
- logstash v.6.1.5
我有以下logstash输出:
elasticsearch {
hosts => ["es_host"]
ssl => true
user => "user"
password => "password"
template => '/etc/logstash/conf.d/template-default.json'
template_overwrite => true
index => "log-default-%{+yyyy-MM-dd}"
ilm_enabled => false
}
这是模板:
"order": 1,
"index_patterns": [
"log-default-*",
"log-http-*"
],
"settings": {
"number_of_shards": 6,
"number_of_replicas": 2
},
"mappings": {
"_default_": {
"dynamic_templates": [
{
"ips": {
"match_pattern": "regex",
"match": "^(?:orig_)?(?:src|dst)ip$",
"mapping": {
"type": "ip"
}
}
},
{
"strings": {
"match": "*",
"unmatch": "*message",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
}
}
当我启动logstash时,我收到如下所示的错误。有人知道是哪里出了问题吗?
[ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL 'https://es-host:443/_template/logstash'
您的template-default.json文件应该包含此内容,即删除_default_键,然后您就可以开始了。
{
"order": 1,
"index_patterns": [
"log-default-*",
"log-http-*"
],
"settings": {
"number_of_shards": 6,
"number_of_replicas": 2
},
"mappings": {
"dynamic_templates": [
{
"ips": {
"match_pattern": "regex",
"match": "^(?:orig_)?(?:src|dst)ip$",
"mapping": {
"type": "ip"
}
}
},
{
"strings": {
"match": "*",
"unmatch": "*message",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
}