我的本地计算机上运行着四个容器(Elastic search (8.10.2)、Logstash、Kibana 和我的应用程序容器),并且应用程序配置为将日志转发到 Logstash。我之前使用 UDP 在端口 9600 上转发日志,现在想更改为 TCP,但这样做遇到了一些问题。
这是我的
logstash.confinput {
tcp {
port => 9600
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "titan-%{+YYYY-MM-dd}"
ilm_enabled => "true"
ilm_rollover_alias => "myapp"
ilm_pattern => "{now/d}-000001"
ilm_policy => "myapp-policy"
user => "elastic"
password => <elastic-password>
}
}
Logstash 服务:
Logstash:
image: logstash:8.10.2
container_name: logstash
restart: always
volumes:
- ./logstash/:/logstash_dir
command: logstash -f /logstash_dir/logstash.conf
depends_on:
- Elasticsearch
ports:
- '9600:9600'
environment:
LS_JAVA_OPTS: "-Xmx512m -Xms512m"
应用程序的 docker-compose:
logging:
driver: syslog
options:
syslog-address: "tcp://localhost:9600"
通过上述配置,我可以看到索引,但无法获取任何数据。
另外,Logstash 容器会抛出以下错误
warning: thread "[main]<tcp" terminated with exception (report_on_exception is true):
ArgumentError: wrong number of arguments (given 2, expected 0..1)
translate at /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/i18n-1.14.1/lib/i18n.rb:210
inputworker at /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:427
start_input at /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405
我做错或遗漏了什么?
修复已合并到 github 中。还有这个。如果您运行的是 8.10.x,您可以降级到 8.9.x 或升级到 8.11.x。
与8.10中的JRuby更新有关。 i18n 代码有