linux 版本6.8
logstash版本 6.1.2
如果我使用initctl start logstash方法开启, 在日志里会有报错信息。如下:
如果使用bin/logstash -f config/conf.d/logstash_out.conf 开启则正常,没有错。 配置文件是一样的,这是怎么回事?
P/S: config file.
[root@elk conf.d]# cat logstash_out.conf
input {
beats {
port => 5044
}
}
filter {
if [tags][0] == "secure" {
grok {
match => {
"message" => ".* sshd\[\d+\]: (?<status>\S+) .* for( invalid user)? (?<user>\w+) from (?<ClientIP>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?) .*"
}
overwrite => ["message"]
}
}
mutate {
remove_tag => ["beats_input_codec_plain_applied"]
add_field => { "hostname" => "%{[beat][hostname]}" }
remove_field => ["beat","prospector","offset","@version"]
}
}
output {
stdout {
codec => rubydebug
}
}
P/S: log
[2018-02-12T11:04:39,739][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<NameError: undefined local variable or method `dotfile' for #<AwesomePrint::Inspector:0x5c607c76>
Did you mean? @@dotfile>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/awesome_print-1.8.0/lib/awesome_print/inspector.rb:163:in `merge_custom_defaults!'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/awesome_print-1.8.0/lib/awesome_print/inspector.rb:50:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/awesome_print-1.8.0/lib/awesome_print/core_ext/kernel.rb:9:in `ai'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-codec-rubydebug-3.0.5/lib/logstash/codecs/rubydebug.rb:39:in `encode_default'", "org/jruby/RubyMethod.java:115:in `call'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-codec-rubydebug-3.0.5/lib/logstash/codecs/rubydebug.rb:35:in `encode'", "/usr/share/logstash/logstash-core/lib/logstash/codecs/base.rb:50:in `block in multi_encode'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/codecs/base.rb:50:in `multi_encode'", "/usr/share/logstash/logstash-core/lib/logstash/outputs/base.rb:90:in `multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:15:in `block in multi_receive'", "org/jruby/ext/thread/Mutex.java:148:in `synchronize'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:14:in `multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:50:in `multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:487:in `block in output_batch'", "org/jruby/RubyHash.java:1343:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:486:in `output_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:438:in `worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:393:in `block in start_workers'"]}
logstash版本 6.1.2
如果我使用initctl start logstash方法开启, 在日志里会有报错信息。如下:
如果使用bin/logstash -f config/conf.d/logstash_out.conf 开启则正常,没有错。 配置文件是一样的,这是怎么回事?
P/S: config file.
[root@elk conf.d]# cat logstash_out.conf
input {
beats {
port => 5044
}
}
filter {
if [tags][0] == "secure" {
grok {
match => {
"message" => ".* sshd\[\d+\]: (?<status>\S+) .* for( invalid user)? (?<user>\w+) from (?<ClientIP>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?) .*"
}
overwrite => ["message"]
}
}
mutate {
remove_tag => ["beats_input_codec_plain_applied"]
add_field => { "hostname" => "%{[beat][hostname]}" }
remove_field => ["beat","prospector","offset","@version"]
}
}
output {
stdout {
codec => rubydebug
}
}
P/S: log
[2018-02-12T11:04:39,739][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<NameError: undefined local variable or method `dotfile' for #<AwesomePrint::Inspector:0x5c607c76>
Did you mean? @@dotfile>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/awesome_print-1.8.0/lib/awesome_print/inspector.rb:163:in `merge_custom_defaults!'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/awesome_print-1.8.0/lib/awesome_print/inspector.rb:50:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/awesome_print-1.8.0/lib/awesome_print/core_ext/kernel.rb:9:in `ai'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-codec-rubydebug-3.0.5/lib/logstash/codecs/rubydebug.rb:39:in `encode_default'", "org/jruby/RubyMethod.java:115:in `call'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-codec-rubydebug-3.0.5/lib/logstash/codecs/rubydebug.rb:35:in `encode'", "/usr/share/logstash/logstash-core/lib/logstash/codecs/base.rb:50:in `block in multi_encode'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/codecs/base.rb:50:in `multi_encode'", "/usr/share/logstash/logstash-core/lib/logstash/outputs/base.rb:90:in `multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:15:in `block in multi_receive'", "org/jruby/ext/thread/Mutex.java:148:in `synchronize'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:14:in `multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:50:in `multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:487:in `block in output_batch'", "org/jruby/RubyHash.java:1343:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:486:in `output_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:438:in `worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:393:in `block in start_workers'"]}
0 个回复