elasticsearch - 如何修复Docker ELK堆栈Logstash导入连接错误

Question

尝试使用日志存储将CSV文件导入 Elasticsearch 实例时遇到问题。
我正在使用预配置的Docker ELK堆栈。

运行命令时出现的错误如下:

D:\data_sets\logstac config>docker cp CVEimport.conf 80:/

D:\data_sets\logstac config>docker exec -it 80 /bin/bash
bash-4.2$ logstash -f /CVEimport.conf --path.data ./storage/
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-9.2.9.0.jar) to method sun.nio.ch.NativeThread.signal(long)
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2020-04-03T12:35:08,901][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-04-03T12:35:08,921][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.6.0"}
[2020-04-03T12:35:10,957][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
[2020-04-03T12:35:12,083][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
[2020-04-03T12:35:12,333][INFO ][logstash.licensechecker.licensereader] ES Output version determined {:es_version=>7}
[2020-04-03T12:35:12,349][WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2020-04-03T12:35:13,001][INFO ][logstash.monitoring.internalpipelinesource] Monitoring License OK
[2020-04-03T12:35:13,007][INFO ][logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
[2020-04-03T12:35:15,226][INFO ][org.reflections.Reflections] Reflections took 187 ms to scan 1 urls, producing 20 keys and 40 values
[2020-04-03T12:35:16,318][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@127.0.0.1:9200/]}}
[2020-04-03T12:35:16,375][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@127.0.0.1:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@127.0.0.1:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

然后它将继续尝试重新连接。

我的配置文件是:

    input {

    file {
        path => ["/CVEDB1.csv"]
        start_position => "beginning"
        sincedb_path => "/dev/null"

    }
}

filter {
        csv {
        columns=> ["Name","Status","Description","References","Phase","Votes","Comments"]
        separator => ","
        }
}

output {

    elasticsearch {
    hosts => "http://127.0.0.1:9200"
    index => "cve"
    user => "elastic"
    password => "changeme"
    }
    stdout{}
}

由于我是ELK堆栈的新手，因此任何信息都将有所帮助。

Answer 1

您是否正在运行Elasticsearch REST服务？

# are we green?
curl http://localhost:9200/_cluster/health?pretty

如果要独立测试logstash，则可以将输出发送到控制台

# output to console
output {
  stdout { codec => rubydebug }
}

注意。只要您没有保护Elasticsearch集群，就不需要用户名和密码。
注意。运行docker 时
container(localhost)!=主机(localhost)。

您可以在host_mode内运行Elasticsearch

利用docker-compose并建立服务发现。

curl http://172.16.0.2/_cluster/health?pretty(docker0子网)