configuration - aws cloudwatch -> logstash -> 弹性云 | [ERROR][logstash.pipeline] 注册插件时出错
问题描述
我logstash v6.8.1在 aws ec2 linux 2 ami 实例上运行。我已经成功安装了logstash。
我正在使用 logstash 来获取aws cloudwatch使用这个插件的日志https://github.com/lukewaite/logstash-input-cloudwatch-logs。我已经成功安装了插件。
我在/usr/share/logstash目录中。
我使用的命令是sudo bin/logstash --path.settings /etc/logstash/ -f config/cloud_watch.conf
这是我的cloud_watch.conf文件
input {
cloudwatch_logs {
log_group => [ "/my/log/group" ]
region => "us-west-2"
access_key_id => "access_key"
secret_access_key => "secret_key"
}
}
output {
elasticsearch {
hosts => "https://xxxxxxxx.us-west-1.aws.found.io:9243"
user => "elastic"
password => "my_password"
}
stdout { }
}
当我运行此命令时,我收到此错误消息
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2019-07-01T19:33:17,229][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-07-01T19:33:17,261][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.8.1"}
[2019-07-01T19:34:05,286][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2019-07-01T19:34:06,506][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@41e8f9885e01498aaa03909926286fc9.us-west-1.aws.found.io:9243/]}}
[2019-07-01T19:34:07,754][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"https://elastic:xxxxxx@41e8f9885e01498aaa03909926286fc9.us-west-1.aws.found.io:9243/"}
[2019-07-01T19:34:08,126][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"#<LogStash::OutputDelegator:0x6d3bd20a>", :error=>"Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')\n
at [Source: (byte[])\"<!DOCTYPE html><html lang=\"en\"><head><meta charset=\"utf-8\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"><meta name=\"viewport\" content=\"width=device-width\"><title>Kibana</title><style>/* INTER UI FONT */\n/
* INTER UI FONT */\n/* INTER UI FONT */\n/* INTER UI FONT */\n@font-face {\n font-family: 'Inter UI';\n font-style: normal;\n font-weight: 100;\n src: url(\"/ui/fonts/inter_ui/Inter-UI-Thin-BETA.woff2\") format(\"woff2\"),\n url(\"/ui/fonts/inter_ui/Inter-UI-Thin-BETA.woff\") format\"[truncated 73333 bytes]; line: 1, column: 2]", :thread=>"#<Thread:0x66dd4fdf run>"}
[2019-07-01T19:34:08,136][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<LogStash::Json::ParserError: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
at [Source: (byte[])"<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="viewport" content="width=device-width"><title>Kibana</title><style>/* INTER UI FONT */
/* INTER UI FONT */
/* INTER UI FONT */
/* INTER UI FONT */
@font-face {
font-family: 'Inter UI';
font-style: normal;
font-weight: 100;
src: url("/ui/fonts/inter_ui/Inter-UI-Thin-BETA.woff2") format("woff2"),
错误消息持续了好几行。
当我修改我cloudwatch.conf的这个
input {
cloudwatch_logs {
log_group => [ "/my/log/group" ]
region => "us-west-2"
access_key_id => "access_key"
secret_access_key => "secret_key"
}
}
output {
stdout { }
}
我可以在我的 cli 控制台中看到新的日志进入我的日志流。我知道插件工作正常。但是当我尝试将这些日志发送到我的弹性云时,我得到了上面提到的错误。我不知道发生了什么。