本文介绍了完成解析后杀死logstash的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我只是将已解析的数据从Logstash输出到mongodb中,但是有什么方法可以告诉日志何时完成解析,以便可以杀死Logstash?由于正在处理大量日志,因此我无法标准输出数据.

I'm only outputting my parsed data into a mongodb from logstash, but it there any way to tell when the logs are finished parsing, so that I can kill logstash? As a lot of logs are being processed, I cannot stdout my data.

推荐答案

由于使用的是文件输入,因此某处应该有一个.sincedb文件.该文件跟踪已经解析了多少行.据我了解,它的结构是这样的:

Since you are using a file input, there should be a .sincedb file somewhere. That file keeps track of how many lines have already been parsed. As far as I understand it, it is structured this way:

INODE_NUMBER              CURRENT_LINE_NUMBER

inode编号标识一个文件(因此,如果您正在解析多个文件,或者如果您的文件正在翻转,则将有几行).另一个数字就像是logstash的书签,用于记住它已经读过的内容(以防您多次处理同一个文件).所以基本上,当这个数字停止上升时,这应该意味着logstash已完成对文件的解析.

The inode number identifies a file (so if you are parsing several files or if your file is being rolled over, there will be several lines). The other number is like a bookmark for logstash to remember what it already read (in case you would proceed the same file in several times). So basically, when this number stops moving up, this should mean that logstash is done parsing the file.

或者,如果您未设置多行过滤器,则可以简单地将文件的行数与mongodb中的记录数进行比较.

Alternatively if you have no multiline filter set up, you could simply compare the number of lines the file has to the number of records in mongodb.

第三种可能性,您可以设置另一个输出,不一定是stdout,例如,这可能是指向脚本的管道,该管道将简单地删除数据并在一段时间后没有新内容时显示一条消息,或者其他替代方法,参见文档.

Third possibility, you can setup another output, not necessarily stdout, this could be for example a pipe to a script that will simply drop the data and print a message when it got nothing new after some time, or some other alternative, see the docs.

这篇关于完成解析后杀死logstash的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 16:53
查看更多