logstash版本 6.7
在logstash.yml中新增了 X-Pack Monitoring相关配置以后
output中配置如下
output { elasticsearch { action => "index" hosts => ["https://***001:27920","https://***002:27920"] index => "test_info_%{[my_index]}" document_type => "%{[@metadata][_type]}" document_id => "%{[@metadata][_id]}" template_name => "test_template" ssl => true ssl_certificate_verification => true cacert => "/usr/local/logstash-6.7.0/config/certs/elastic-stack-ca.pem" user => "logstash_admin" password => "********" } }
采集日志,正常运行没有问题!
因为考虑使用logstash迁移es历史数据,input中(错误)配置写法如下
input { elasticsearch { hosts => [ "https://***001:27920", "https://***002:27920"] index => "test_data" query => '{"query": {"match": {"policy_no":"*******"} } }' size =>1000 scroll =>"1m" slices =>5 docinfo => true ssl => true user => "logstash_admin" password => "******" ca_file => "/usr/local/logstash-6.7.0/config/certs/elastic-stack-ca.pem" } }
logstash启动异常如下
Error: Failed to open TCP connection to https:0 (initialize: name or service not known) Exception: Faraday::ConnectionFailed Stack: org/jruby/ext/socket/RubyTCPSocket.java:138:in `initialize'
修改input配置如下可用:
input {
elasticsearch {
hosts => [****001:27920","****002:27920"]
index => "test_data"
query => '{"query": {"match": {"policy_no":"**************"} } }'
size =>1000
scroll =>"1m"
slices =>5
docinfo => true
ssl => true
user => "logstash_admin"
password => "**********"
ca_file => "/usr/local/logstash-6.7.0/config/certs/elastic-stack-ca.pem"
}
}