我已将logstash + elasticsearch + kibana安装到一台主机中,并收到标题中的错误。我已经在所有相关主题上进行了谷歌搜索,但仍然没有运气,但是卡住了。
我将分享我所做的配置:
elasticsearch.yml
cluster.name: hive
node.name: "logstash-central"
network.bind_host: 10.1.1.25
/var/log/elasticsearch/hive.log的输出
[2015-01-13 15:18:06,562][INFO ][node ] [logstash-central] initializing ...
[2015-01-13 15:18:06,566][INFO ][plugins ] [logstash-central] loaded [], sites []
[2015-01-13 15:18:09,275][INFO ][node ] [logstash-central] initialized
[2015-01-13 15:18:09,275][INFO ][node ] [logstash-central] starting ...
[2015-01-13 15:18:09,385][INFO ][transport ] [logstash-central] bound_address {inet[/10.1.1.25:9300]}, publish_address {inet[/10.1.1.25:9300]}
[2015-01-13 15:18:09,401][INFO ][discovery ] [logstash-central] hive/T2LZruEtRsGPAF_Cx3BI1A
[2015-01-13 15:18:13,173][INFO ][cluster.service ] [logstash-central] new_master [logstash-central][T2LZruEtRsGPAF_Cx3BI1A][logstash.tw.intra][inet[/10.1.1.25:9300]], reason: zen-disco-join (elected_as_master)
[2015-01-13 15:18:13,193][INFO ][http ] [logstash-central] bound_address {inet[/10.1.1.25:9200]}, publish_address {inet[/10.1.1.25:9200]}
[2015-01-13 15:18:13,194][INFO ][node ] [logstash-central] started
[2015-01-13 15:18:13,209][INFO ][gateway ] [logstash-central] recovered [0] indices into cluster_state
访问 logstash.example.com:9200 会像ES指南中所示提供普通输出:
{
"status" : 200,
"name" : "logstash-central",
"cluster_name" : "hive",
"version" : {
"number" : "1.4.2",
"build_hash" : "927caff6f05403e936c20bf4529f144f0c89fd8c",
"build_timestamp" : "2014-12-16T14:11:12Z",
"build_snapshot" : false,
"lucene_version" : "4.10.2"
},
"tagline" : "You Know, for Search"
}
正在访问 http://logstash.example.com:9200/_status吗? 提供以下内容:
{"_shards":{"total":0,"successful":0,"failed":0},"indices":{}}
默认是Kibanas config.js :
elasticsearch: "http://"+window.location.hostname+":9200"
Kibana通过Nginx使用。这是 /etc/nginx/conf.d/nginx.conf :
server {
listen *:80 ;
server_name logstash.example.com;
location / {
root /usr/share/kibana3;
Logstash配置文件为 /etc/logstash/conf.d/central.conf :
input {
redis {
host => "10.1.1.25"
type => "redis-input"
data_type => "list"
key => "logstash"
}
output {
stdout{ { codec => rubydebug } }
elasticsearch {
host => "logstash.example.com"
}
}
Redis正在工作,并且流量在主服务器和从服务器之间传递(我已经通过tcpdump进行了检查)。
15:46:06.189814 IP 10.1.1.50.41617 > 10.1.1.25.6379: Flags [P.], seq 89560:90064, ack 1129, win 115, options [nop,nop,TS val 3572086227 ecr 3571242836], length 504
netstat -apnt 显示以下内容:
tcp 0 0 10.1.1.25:6379 10.1.1.50:41617 ESTABLISHED 21112/redis-server
tcp 0 0 10.1.1.25:9300 10.1.1.25:44011 ESTABLISHED 22598/java
tcp 0 0 10.1.1.25:9200 10.1.1.35:51145 ESTABLISHED 22598/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22379/nginx
您能否告诉我应该以哪种方式调查此问题?
提前致谢
最佳答案
该问题可能是由于Nginx设置以及Kibana(安装在服务器上)正在浏览器中运行并试图从那里访问Elasticsearch的事实所致。解决此问题的典型方法是在nginx中设置代理,然后更改config.js。
您似乎为nginx for Kibana设置了正确的代理,但是您需要做一些额外的工作才能使kibana能够访问Elasticsearch。
检查关于此帖子的评论:http://vichargrave.com/ossec-log-management-with-elasticsearch/
并检查此帖子:https://groups.google.com/forum/#!topic/elasticsearch/7hPvjKpFcmQ
而此示例nginx配置:https://github.com/johnhamelink/ansible-kibana/blob/master/templates/nginx.conf.j2
关于elasticsearch - 另一个无法通过http://logstash.example.com:9200与Elasticsearch联系,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27925010/