Vmware-Esxi
Logstash netflow 外掛配置錯誤
我正在嘗試使用 logstash 使用 netflow 外掛從 VMware ESXi 收集流量資訊。
我已經在安裝了 openjdk 8 的 Ubuntu 16.04.1 上從 www.elastic.co 安裝了最新版本的 logstash 和 elasticsearch。
我已經創建了這個配置文件:
input { udp { host => localhost port => 9995 codec => netflow { versions => [10] target => ipfix } type => ipfix } } output { stdout { codec => rubydebug } elasticsearch { index => "logstash_netflow5-%{+YYYY.MM.dd}" host => "localhost" } }但是當我執行時:
logstash -f logstash-staticfile-netflow.conf我得到以下資訊:
Pipeline aborted due to error {:exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in config_init'", "org/jruby/RubyHash.java:1342:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:ininitialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:instart_pipeline'"], :level=>:error} No matching template for flow id 256 {:level=>:warn} stopping pipeline {:id=>"main"}你知道為什麼我有這個錯誤嗎?提前感謝您的幫助!
我發現了問題,錯誤是logstash 2.x中的配置語法發生了變化,我不得不替換
host => "localhost"和:
hosts => ["localhost"]