Hi,
I have configured an ELK pipeline and setup kafka as an input in my logstash configuration:
input {
kafka {
bootstrap_servers => "127.0.0.1:9092"
topics => "applog"
}
}
filter {
grok {
match => {
"message" => "[%{TIMESTAMP_ISO8601:mydate}][%{DATA:loglevel}][%{DATA:component_name}][%{DATA:inst_id}][%{DATA:class}]?: %{GREEDYDATA:log_message}"
}
}
date {
match => ["mydate", "YYYY-MM-dd HH:mm:ss,SSS","ISO8601"]
target=>"@timestamp"
}
}
output {
elasticsearch {
hosts => localhost
}
}
Here is what I get in my terminal when I add a stdout output:
[2019-04-23T09:26:35,626][INFO ][org.apache.kafka.clients.consumer.ConsumerConfig] ConsumerConfig values:
auto.commit.interval.ms = 5000
auto.offset.reset = latest
bootstrap.servers = [127.0.0.1:9092]
check.crcs = true
client.dns.lookup = default
client.id = logstash-0
connections.max.idle.ms = 540000
default.api.timeout.ms = 60000
enable.auto.commit = true
exclude.internal.topics = true
fetch.max.bytes = 52428800
fetch.max.wait.ms = 500
fetch.min.bytes = 1
group.id = logstash
heartbeat.interval.ms = 3000
interceptor.classes =
internal.leave.group.on.close = true
isolation.level = read_uncommitted
key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
max.partition.fetch.bytes = 1048576
max.poll.interval.ms = 300000
max.poll.records = 500
metadata.max.age.ms = 300000
metric.reporters =
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
partition.assignment.strategy = [class org.apache.kafka.clients.consumer.RangeAssignor]
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 30000
retry.backoff.ms = 100
sasl.client.callback.handler.class = null
sasl.jaas.config = null
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.login.callback.handler.class = null
sasl.login.class = null
sasl.login.refresh.buffer.seconds = 300
sasl.login.refresh.min.period.seconds = 60
sasl.login.refresh.window.factor = 0.8
sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = GSSAPI
security.protocol = PLAINTEXT
send.buffer.bytes = 131072
session.timeout.ms = 10000
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = https
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = null
ssl.truststore.password = null
ssl.truststore.type = JKS
value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
[2019-04-23T09:26:35,796][INFO ][org.apache.kafka.common.utils.AppInfoParser] Kafka version : 2.1.0
[2019-04-23T09:26:35,796][INFO ][org.apache.kafka.common.utils.AppInfoParser] Kafka commitId : eec43959745f444f
[2019-04-23T09:26:36,165][INFO ][org.apache.kafka.clients.Metadata] Cluster ID: RKMed7wBSiqyv3uibNz_Xw
[2019-04-23T09:26:36,174][INFO ][org.apache.kafka.clients.consumer.internals.AbstractCoordinator] [Consumer clientId=logstash-0, groupId=logstash] Discovered group coordinator 127.0.0.1:9092 (id: 2147483647 rack: null)
[2019-04-23T09:26:36,183][INFO ][org.apache.kafka.clients.consumer.internals.ConsumerCoordinator] [Consumer clientId=logstash-0, groupId=logstash] Revoking previously assigned partitions
[2019-04-23T09:26:36,184][INFO ][org.apache.kafka.clients.consumer.internals.AbstractCoordinator] [Consumer clientId=logstash-0, groupId=logstash] (Re-)joining group
[2019-04-23T09:26:36,327][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9601}
[2019-04-23T09:26:37,209][INFO ][org.apache.kafka.clients.consumer.internals.AbstractCoordinator] [Consumer clientId=logstash-0, groupId=logstash] Successfully joined group with generation 11
[2019-04-23T09:26:37,212][INFO ][org.apache.kafka.clients.consumer.internals.ConsumerCoordinator] [Consumer clientId=logstash-0, groupId=logstash] Setting newly assigned partitions [applog-0]
When I go to the elasticsearch index management in Kibana, it has been created but with 0 documents:
I have 138 messages in my partition of my kafka topic. When I try manually by replacing the kafka input by stdin, it works fine. I can't figure out what the problem is.