Comment lancer logstash avec docker-compose


#1

Quand je lance logstash en mode docker-compose, j'ai une erreur :

Creating logstash ... done
Attaching to logstash
logstash    | OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
logstash    | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
logstash    | [2018-12-06T20:17:26,541][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
logstash    | [2018-12-06T20:17:26,599][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
logstash    | [2018-12-06T20:17:28,571][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
logstash    | [2018-12-06T20:17:28,658][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.5.1"}
logstash    | [2018-12-06T20:17:28,889][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"197cae58-6deb-4053-bf97-78c12cd65f53", :path=>"/usr/share/logstash/data/uuid"}
logstash    | [2018-12-06T20:17:31,676][WARN ][logstash.monitoringextension.pipelineregisterhook] xpack.monitoring.enabled has not been defined, but found elasticsearch configuration. Please explicitly set `xpack.monitoring.enabled: true` in logstash.yml
logstash    | [2018-12-06T20:17:36,145][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
logstash    | [2018-12-06T20:17:36,226][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=>"/"}
logstash    | [2018-12-06T20:17:37,615][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch: Name or service not known"}
logstash    | [2018-12-06T20:17:37,911][WARN ][logstash.licensechecker.licensereader] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch {:url=>http://elasticsearch:9200/, :error_message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
logstash    | [2018-12-06T20:17:37,990][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}
logstash    | [2018-12-06T20:17:38,370][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
logstash    | [2018-12-06T20:17:55,880][INFO ][logstash.pipeline        ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
logstash    | [2018-12-06T20:17:56,525][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
logstash    | [2018-12-06T20:17:56,567][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=>"/"}
logstash    | [2018-12-06T20:17:56,926][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch: Name or service not known"}
logstash    | [2018-12-06T20:17:57,239][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//elasticsearch:9200"]}
logstash    | [2018-12-06T20:18:00,796][INFO ][logstash.inputs.file     ] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/data/plugins/inputs/file/.sincedb_7a7413a84171aa550d5318c17fd756e9", :path=>["/var/log/*.log"]}
logstash    | [2018-12-06T20:18:01,093][INFO ][logstash.pipeline        ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0xb704de7 run>"}
logstash    | [2018-12-06T20:18:01,622][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
logstash    | [2018-12-06T20:18:01,776][INFO ][filewatch.observingtail  ] START, creating Discoverer, Watch with file and sincedb collections
````

Voici le contenu de mon fichier docker-compose.yml :

version: '3.3'
services:
logstash:
   image: docker.elastic.co/logstash/logstash:6.5.1
   container_name: logstash
   volumes:
     - ./logstash.conf:/config/logstash.conf
     - ./log:/var/log:ro
   command: ["logstash", "-f", "/config/logstash.conf"]

Voici mon fichier logstash.conf

input {
file {
 path => ["/var/log/*.log"]
 start_position => "beginning"
 type => "haproxy"
}
}
filter {
grok {
 match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
 overwrite => [ "message" ]
}

date {
 match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
 remove_field => [ "timestamp" ]
}
useragent {
 source => "agent"
}
}
output {
elasticsearch {
 hosts => ["elasticsearch:9200"]
}
stdout { codec => rubydebug }
}


Merci par avance.`Preformatted text`