我正在尝试使用 logstash 通过 netflow 插件从 VMware ESXi 收集流量信息。
我已经在安装了 openjdk 8 的 Ubuntu 16.04.1 上安装了来自 www.elastic.co 的最新版本的 logstash 和 elasticsearch。
我已经创建了这个配置文件:
input {
udp {
host => localhost
port => 9995
codec => netflow {
versions => [10]
target => ipfix
}
type => ipfix
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
index => "logstash_netflow5-%{+YYYY.MM.dd}"
host => "localhost"
}
}
但是当我执行时:
logstash -f logstash-staticfile-netflow.conf
我得到以下信息:
Pipeline aborted due to error {:exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in config_init'", "org/jruby/RubyHash.java:1342:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:ininitialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:instart_pipeline'"], :level=>:error}
No matching template for flow id 256 {:level=>:warn}
stopping pipeline {:id=>"main"}
你知道我为什么会犯这个错误吗?提前感谢你的帮助!
答案1
我找到了问题,错误在于 logstash 2.x 中的配置语法发生了变化,我不得不替换
host => "localhost"
和:
hosts => ["localhost"]