我尝试在ELK使用安全功能。我的 flex 版本是7.5.1

我的文件配置有问题。我无法启动logstash

1.首先,我通过添加elasticsearch.yml启用xpack.security.enabled: true中的安全性

2.其次,在kibana.yml处,我编辑elasticsearch.username =“elasctic”,而elasticsearch.password是我设置的密码

我开始服务elasticsearch和kibana。
仍然在这里一切都还可以。

3.然后我用下面的conf运行logstash:

    input {
        file {
                path => ["/etc/logstash/handleexception1.txt"]
        type => "_doc"
                start_position => beginning
        }
}
filter {
        dissect {
            mapping => {
                "message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
            }
        }
}
output {
                hosts => ["localhost:9200"]
        index => "logstashhhandlerror2"
        user => "elastic"
        pasword => "elastic"
        }
        stdout { codec => rubydebug}
}

按理我尝试过
input {
elasticsearch{
    file {
            path => ["/etc/logstash/handleexception1.txt"]
    type => "_doc"
            start_position => beginning
    }
user => "elastic"
password => "elastic"
}
}

filter {
    elasticsearch{
        dissect {
            mapping => {
                "message" => "%{Date} %{Time} %{INFO} %{Service} Message:%{Message} ExceptionList:%{ExceptionList}"
            }
        }
    user => "elastic"
    password => "elastic"
    }
}
output {
                hosts => ["localhost:9200"]
        index => "logstashhhandlerror2"
        user => "elastic"
        pasword => "elastic"
        }
        stdout { codec => rubydebug}
}

这是我尝试启动logtash.service时的屏幕

elasticsearch - 启用安全性时无法启动logstash在 Elasticsearch 和Kibana上-LMLPHP

感谢您的阅读,希望您能提出我的问题。

最佳答案

您的第3点配置应该只在需要更改索引创建,更新输出的情况下才起作用:

output {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "logstashhhandlerror2"
      user => "elastic"
      pasword => "elastic"
    }
    stdout { codec => rubydebug}
  }
 }

09-10 01:16
查看更多