我尝试在ELK使用安全功能。我的 flex 版本是7.5.1
我的文件配置有问题。我无法启动logstash
1.首先,我通过添加elasticsearch.yml
启用xpack.security.enabled: true
中的安全性
2.其次,在kibana.yml
处,我编辑elasticsearch.username
=“elasctic”,而elasticsearch.password
是我设置的密码
我开始服务elasticsearch和kibana。
仍然在这里一切都还可以。
3.然后我用下面的conf运行logstash:
input {
file {
path => ["/etc/logstash/handleexception1.txt"]
type => "_doc"
start_position => beginning
}
}
filter {
dissect {
mapping => {
"message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
}
}
}
output {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
按理我尝试过
input {
elasticsearch{
file {
path => ["/etc/logstash/handleexception1.txt"]
type => "_doc"
start_position => beginning
}
user => "elastic"
password => "elastic"
}
}
filter {
elasticsearch{
dissect {
mapping => {
"message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
}
}
user => "elastic"
password => "elastic"
}
}
output {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
这是我尝试启动logtash.service时的屏幕
感谢您的阅读,希望您能提出我的问题。
最佳答案
您的第3点配置应该只在需要更改索引创建,更新输出的情况下才起作用:
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "logstashhhandlerror2"
user => "elastic"
pasword => "elastic"
}
stdout { codec => rubydebug}
}
}