Не данных в файле после обработки в logstash

Elastic In Your Native Tongue Вопросы на русском языке
1

Добрый день!!!

Я новичок в данной программы, прошу помощи у гуру logstash.

Файл не имеет данных !!!!

Конфиг logstash

input {

    udp {
            port => 8516
    }

}

filter {

    grok {
            break_on_match => false
            match => { "message" => ["(?m)%{GREEDYDATA:data}"]
            }
    }

}

output {

    if [data] {
            file {
                    path => "/var/lib/logstash/%{+yyyy}/%{+yyyy-MM-dd}.csv"
                    codec => line { format => "%{data}" }
            }
    }

}

данные на порту

13:57:09.255719 IP (tos 0x1c, ttl 124, id 54321, offset 0, flags [none], proto UDP (17), length 518)
109.195.80.76.64488 > 188.186.156.234.8516: [udp sum ok] UDP, length 490
E....1..|.P.m.PL......!D.........R...0.[{.LD.!.(.......m.PL..8c:83:e1:61:3a:30..
.L^..8c:83:e1:61:3a:30 .bsr01-spb,.EF11D40E53DFA35CED0AD5.... .2.EF11D40E54AA2A5CED11497....=.....W.lag-1:754.36.SLA-REDIRECT..8c:83:e1:61:3a:30/..........0....8+....2......k.0x8001 minimalt...........v...........k.0x8002 minimalt...........v.............0x8001 minimalu...........w.............0x8002 minimalu..........2w..........8
13:57:09.259798 IP (tos 0x1c, ttl 124, id 54321, offset 0, flags [none], proto UDP (17), length 426)
109.195.80.76.64488 > 188.186.156.234.8516: [udp sum ok] UDP, length 398
E....1..|.QAm.PL......!D........n..~.T..R>c.9.&.(.......m.PL..48:2c:a0:6b:12:1c..
.V...48:2c:a0:6b:12:1c .bsr01-spb,.EF11D40E541EAD5CED0CDD.....(2.EF11D40E5500055CED14057....=.....W.lag-1:760.3600.SLA-REDIRECT..48:2c:a0:6b:12:1c/..........0.....+......J....k.0x8001 no-statsk.0x8002 no-stats..0x8001 no-stats..0x8002 no-stats

Файл csv не создается

ЛОГ
[2019-05-28T13:59:24,127][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-05-28T13:59:24,145][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.1.0"}
[2019-05-28T13:59:30,715][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, :thread=>"#<Thread:0x2cce1a
[2019-05-28T13:59:30,763][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
[2019-05-28T13:59:30,871][INFO ][logstash.inputs.udp ] Starting UDP listener {:address=>"0.0.0.0:8516"}
[2019-05-28T13:59:30,903][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2019-05-28T13:59:31,001][INFO ][logstash.inputs.udp ] UDP listener started {:address=>"0.0.0.0:8516", :receive_buffer_bytes=>"62464", :queue_size=>"2000"}
[2019-05-28T13:59:31,233][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

2

Коллеги подскажите почему не могу разобрать, эти данные ?????

3

Вопрос решен не актуально

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.